check-spelling workflow vulnerable to GITHUB_TOKEN leakage via symlink attack
Description
check-spelling is a GitHub Action which provides CI spell checking. In affected versions, for a repository with the check-spelling action enabled that triggers on pull_request_target (or schedule), an attacker can send a crafted Pull Request that causes a GITHUB_TOKEN to be exposed. With the GITHUB_TOKEN it's possible to push commits to the repository, bypassing standard approval processes. Commits to the repository could then steal any/all secrets available to the repository.

As a workaround, users can either:
- Disable the workflow until you've fixed all branches, or
- Set the repository to "Allow specific actions". check-spelling isn't a verified creator and it certainly won't be anytime soon, so you would then explicitly add the actions your repository uses, or
- Set the repository Workflow permissions to "Read repository contents permission".

Workflows using check-spelling/check-spelling@main will get the fix automatically. Workflows using a pinned SHA or tagged version will need to change the affected workflows for all repository branches to the latest version.

Users can verify who and which Pull Requests have been running the action by looking up the spelling.yml action in the Actions tab of their repositories, e.g. https://github.com/check-spelling/check-spelling/actions/workflows/spelling.yml; you can filter PRs by adding ?query=event%3Apull_request_target, e.g. https://github.com/check-spelling/check-spelling/actions/workflows/spelling.yml?query=event%3Apull_request_target.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
check-spelling GitHub Action leaks GITHUB_TOKEN when triggered on pull_request_target or schedule via a crafted symlink Pull Request.
Vulnerability
The check-spelling GitHub Action prior to version v0.0.19 is vulnerable to GITHUB_TOKEN leakage when the workflow triggers on pull_request_target or schedule events. An attacker can submit a crafted Pull Request containing a symlink that causes the action to expose the GITHUB_TOKEN to the attacker. The affected versions are all releases before v0.0.19. [1][3]
Exploitation
The attacker only needs to fork the repository and create a Pull Request with a specially crafted symlink. The victim repository must have the check-spelling workflow enabled and triggered on pull_request_target (or schedule). No additional authentication or privileges are required beyond the ability to open a pull request. The attacker's crafted PR causes the workflow to leak the GITHUB_TOKEN, which is an automatically generated token with repository write permissions. [1][3]
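The hardening that closes this hole is a path-containment check: a configuration file named by the pull request must resolve, with symlinks followed, to a regular file inside the checked-out workspace and outside `.git/`, so that a committed symlink such as `.github/allow.txt -> ../.git/config` cannot hand the action the token-bearing file. The shell below is an added example and not check-spelling's own code; it assumes GNU coreutils `realpath` (for the `-e` flag), builds a constructed sample tree with a placeholder `TOKEN` in `.git/config`, and goes one step beyond a bare prefix comparison by also rejecting a sibling directory whose name merely starts with the workspace path.

```shell
#!/bin/sh
# Added example (not check-spelling's own code). Assumes GNU coreutils realpath.

# config_path_ok WORKSPACE FILE
# Exit status: 0 accepted; 1 workspace unresolvable; 2 target missing or a
# dangling symlink; 3 resolves outside the workspace; 4 resolves into .git/;
# 5 resolves to something other than a regular file.
config_path_ok() {
  workspace=$(realpath "$1") || return 1
  # -e: every path component must exist, so a dangling symlink stops here.
  target=$(realpath -e "$2" 2>/dev/null) || return 2
  # Match "$workspace/" including the slash: a bare prefix test would also
  # accept "$workspace-evil/..." as being inside the workspace.
  case "$target" in
    "$workspace"/*) ;;
    *) return 3 ;;
  esac
  # The resolved path must not point into the git metadata directory.
  case "$target" in
    */.git/*) return 4 ;;
  esac
  [ -f "$target" ] || return 5
  return 0
}

# setup_demo_workspace: constructed sample tree (not real repository data).
# Prints the workspace path. "TOKEN" stands in for the x-access-token value
# that a checkout step writes into .git/config when it persists credentials.
setup_demo_workspace() {
  tmp=$(mktemp -d)
  ws="$tmp/work/repo"
  mkdir -p "$ws/.git" "$ws/.github" "$tmp/work/repo-evil" "$tmp/outside"
  printf '[remote "origin"]\n\turl = https://x-access-token:TOKEN@github.com/o/r\n' > "$ws/.git/config"
  printf 'secret\n' > "$tmp/outside/secret.txt"
  printf 'sibling\n' > "$tmp/work/repo-evil/allow.txt"
  printf 'word\n' > "$ws/.github/allow.txt"
  # What a crafted pull request could carry: symlinks committed to the repo.
  ln -s ../.git/config "$ws/.github/gitcfg.txt"
  ln -s "$tmp/outside/secret.txt" "$ws/.github/escape.txt"
  ln -s ../../repo-evil/allow.txt "$ws/.github/sibling.txt"
  ln -s "$tmp/does-not-exist" "$ws/.github/dangling.txt"
  printf '%s\n' "$ws"
}

# demo: run the check over each constructed file and report the verdict.
demo() {
  ws=$(setup_demo_workspace)
  for f in allow.txt gitcfg.txt escape.txt sibling.txt dangling.txt .; do
    if config_path_ok "$ws" "$ws/.github/$f"; then
      printf 'ACCEPT %s\n' "$f"
    else
      printf 'REJECT %s (code %d)\n' "$f" "$?"
    fi
  done
  rm -rf "$(dirname "$(dirname "$ws")")"
}

if [ "${RUN_DEMO:-0}" = 1 ]; then demo; fi
```

Run with `RUN_DEMO=1 sh check.sh`: only `allow.txt` is accepted; the symlink into `.git/config` is refused with code 4, the escape to a file outside the tree and the sibling-directory case with code 3, and the dangling link with code 2. Resolving both sides with `realpath` before comparing is what makes the symlink irrelevant; comparing unresolved paths would let the link through.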
Impact
With the exposed GITHUB_TOKEN, the attacker can push arbitrary commits to the repository, bypassing standard approval processes. This allows the attacker to steal any/all secrets (e.g., cloud provider credentials, API keys) stored as repository secrets. The attacker gains write access equivalent to the GITHUB_TOKEN permissions, which typically include contents: write. [1][3]
Mitigation
The fix is included in version v0.0.19, released on 2021-09-09. Repositories using check-spelling/check-spelling@main receive the fix automatically; those pinning a SHA or tagged version must update the affected workflows on all branches to v0.0.19 or later. Workarounds: disable the workflow until every branch is fixed; set the repository to "Allow specific actions" and explicitly add the actions the repository uses (check-spelling is not a verified creator, so a "verified creators only" setting would block it rather than allow it); or set the repository's default workflow permissions to read repository contents only, so that a leaked GITHUB_TOKEN cannot push. Users can audit which PRs ran the action from the spelling.yml workflow in the Actions tab, filtered with ?query=event%3Apull_request_target. [2][3]
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| check-spelling/check-spelling (GitHub Actions) | < 0.0.19 | 0.0.19 |
Affected products
- check-spelling/check-spelling: < 0.0.19
Patches
436362fc6b58 Merge pull request from GHSA-g86g-chm8-7r2p
3 files changed · +29 −3
common.sh+5 −0 modified@@ -1,5 +1,10 @@ #!/bin/bash if [ "$INITIALIZED" != defined ]; then + if [ "$RUNNER_OS" = "Windows" ]; then + echo "::error ::Windows isn't currently supported" + exit 5 + fi + now() { date +'%s%N' }
spelling-unknown-word-splitter.pl+2 −2 modified@@ -16,9 +16,9 @@ # skip files that don't exist (including dangling symlinks) if (scalar @ARGV) { - @ARGV = grep {-r || $_ eq '-'} @ARGV; + @ARGV = grep {! -l && -f && -r} @ARGV; unless (scalar @ARGV) { - print STDERR "None of the provided files are readable\n"; + print STDERR "::warning ::Was not provided any regular readable files\n"; exit 0; } }
unknown-words.sh+22 −1 modified@@ -373,7 +373,28 @@ check_dictionary() { } cleanup_file() { - maybe_bad="$1" + export maybe_bad="$1" + + result=0 + perl -e ' + use Cwd qw(abs_path); + my $maybe_bad=abs_path($ENV{maybe_bad}); + my $workspace_path=abs_path($ENV{GITHUB_WORKSPACE}); + if ($maybe_bad !~ /^\Q$workspace_path\E/) { + print "::error ::Configuration files must live within $workspace_path...\n"; + print "::error ::Unfortunately, file $maybe_bad appears to reside elsewhere.\n"; + exit 3; + } + if ($maybe_bad =~ m{/\.git/}i) { + print "::error ::Configuration files must not live within `.git/`...\n"; + print "::error ::Unfortunately, file $maybe_bad appears to.\n"; + exit 4; + } + ' || result=$? + if [ $result -gt 0 ]; then + quit $result + fi + type="$2" case "$type" in patterns|excludes|only)
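Review bot: the Windows bail-out added at the top of common.sh (exit 5 when RUNNER_OS is Windows) is not explained by the commit message or by anything else in the diff; a one-line comment saying why Windows is refused (if it is because the new path checks in unknown-words.sh rely on POSIX path and symlink semantics, say so) would stop a later maintainer from removing it as dead code. The exit code 5 also joins the 3 and 4 introduced in cleanup_file; listing what each code means in one place would help.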
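Review bot: the filter `@ARGV = grep {! -l && -f && -r} @ARGV;` in spelling-unknown-word-splitter.pl now rejects every symlink, not only dangling ones, but the comment above it still reads "skip files that don't exist (including dangling symlinks)"; update the comment. Two side effects worth confirming: the old `$_ eq '-'` branch is gone, so reading from stdin via `-` no longer works, and `-l` only tests the final path component, so a regular file reached through a symlinked parent directory still passes this filter (for configuration files that case is left to the abs_path containment check in unknown-words.sh, which should be stated somewhere).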
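Review bot: the containment test `if ($maybe_bad !~ /^\Q$workspace_path\E/)` in cleanup_file is a bare prefix match, so with a workspace of `/home/runner/work/repo/repo` a path under a sibling such as `/home/runner/work/repo/repo-evil/` is also accepted; anchor the match at a path separator, e.g. `/^\Q$workspace_path\E(?:\/|$)/`. Also, `abs_path` can return undef when the target does not exist (a dangling symlink), which stringifies to an empty path and fails closed under the "must live within" message with exit 3 and no file name; an explicit `-e` check with its own message would be clearer. Finally, `export maybe_bad="$1"` leaves the variable exported for the rest of the script; passing it to perl as an argument (`perl -e '...' "$1"` and `$ARGV[0]`) avoids that.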
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-g86g-chm8-7r2p (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-32724 (advisory)
- github.com/check-spelling/check-spelling/commit/436362fc6b588d9d561cbdb575260ca593c8dc56 (fix commit)
- github.com/check-spelling/check-spelling/releases/tag/v0.0.19 (release)
- github.com/check-spelling/check-spelling/security/advisories/GHSA-g86g-chm8-7r2p (repository security advisory)