VYPR
High severity (8.2) · NVD Advisory · Published May 28, 2026

CVE-2026-44358

Description

Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary resolution and Node.js module resolution. A fork pull request processed by a pull_request_target workflow could therefore cause fork-supplied code to execute inside the action container in place of the action's own code. This vulnerability is fixed in 1.0.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Untrusted search path in Espressif Shared GitHub DangerJS prior to 1.0.1 allows arbitrary code execution from a fork pull request via pull_request_target workflow.

Vulnerability

In Espressif Shared GitHub DangerJS prior to version 1.0.1, entrypoint.sh copies the action's own DangerJS files into the caller's workspace (`cp -r /src/* /github/workspace`), changes into that directory and runs `npx danger ci`. When the calling pull_request_target workflow has placed the fork's checkout in that workspace (the usual setup, since Danger needs the pull request's files), both lookups the action depends on start in attacker-controlled territory: npx resolves `danger` against the current directory's `node_modules` before falling back to the action's installed copy, and Node.js module resolution walks up from the dangerfile's directory, so `/github/workspace/node_modules` shadows the action's `/node_modules` for every `require()`. Fork-supplied code therefore executes inside the action container in place of the action's own code. All releases up to and including 1.0.0 are affected, as is the floating v1 tag until it was moved to the patched release [1][2].

Exploitation

An attacker needs only the ability to open a fork pull request against a repository that runs the vulnerable action from a pull_request_target workflow; no privileges on the upstream repository are required, and no user interaction beyond opening the PR. pull_request_target fires on the fork PR with the base repository's secrets and GITHUB_TOKEN available, and entrypoint.sh then runs with the fork's checkout as its working directory. Because the fork is fully attacker-controlled, nothing prevents committing a `node_modules/` tree that a `.gitignore` would normally exclude: a `node_modules/.bin/danger` launcher or a `node_modules/danger` package hijacks the npx lookup, and look-alike packages for any module the dangerfile `require()`s hijack module resolution. The action's working-directory-relative lookups resolve those instead of the intended action code [1].

Impact

Successful exploitation yields arbitrary code execution inside the action container with the permissions of the GITHUB_TOKEN granted by the calling workflow. In a typical DangerJS integration the token carries `pull-requests: write`, enough to edit pull requests and post or alter review comments on the upstream repository. If the calling workflow grants broader scopes (`contents: write`, or `permissions: write-all`) or passes sensitive values through `env:` or `with:`, the impact escalates to authenticated write access to the upstream repository and exfiltration of those secrets [1].

Mitigation

The vulnerability is fixed in Shared GitHub DangerJS version 1.0.1, released concurrently with the advisory. The fix removes the workspace `node_modules/` before execution and invokes the action's own DangerJS binary by absolute path, so neither binary lookup nor `require()` resolution can be diverted by files supplied through a fork pull request [1][2]. Consumers on the floating v1 tag pick up the fix once v1 is moved to 1.0.1; until they have confirmed where the tag points, `@v1` should be treated as unverified. Consumers pinned to an exact version must update to 1.0.1 or later, and pinning to the full commit SHA of the release is the more auditable choice. No workarounds are available for versions prior to 1.0.1 [1]. Independently of the upgrade, the calling workflow should grant the GITHUB_TOKEN only what Danger needs (typically `pull-requests: write`, not `contents: write` or `write-all`) and avoid passing secrets to this step via `env:` or `with:`, so that a compromise of the action has less to reach.

AI Insight generated on May 28, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

1
d74240802813

fix(security): prevent fork-based binary and module hijack in entrypoint

https://github.com/espressif/shared-github-dangerjs · Mahavir Jain · Apr 16, 2026 · via nvd-ref
3 files changed · +14 −3
  • CHANGELOG.md · +7 −0 · modified
    @@ -3,4 +3,11 @@
     _All notable changes to this project will be documented in this file._
     _The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)._
     
    +## [1.0.1]
    +
    +### Security
    +
    +- Fix CWD-based binary hijack via `npx` by using absolute path to danger binary
    +- Remove workspace `node_modules/` before execution to prevent Node.js module resolution hijack from fork PRs
    +
     ## [Unreleased]
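Review bot: the new `## [1.0.1]` block is placed above `## [Unreleased]`, which inverts the Keep a Changelog layout the file header claims to follow (Unreleased at the top, then released versions newest first), and it carries no release date; move the block below `## [Unreleased]` and give it a dated heading, e.g. `## [1.0.1] - 2026-04-16` if that is the release date (the commit date shown on this page), keeping the two Security bullets as they are.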
    
  • entrypoint.sh · +6 −2 · modified
    @@ -5,8 +5,12 @@ set -euo pipefail
     # Copy the whole dangerjs directory to the workspace directory
     cp -r /src/* /github/workspace
     
    +# Remove any node_modules from the workspace to prevent fork-supplied
    +# packages from being resolved by Node.js module resolution
    +rm -rf /github/workspace/node_modules
    +
     # Change to the workspace directory
     cd /github/workspace || exit
     
    -# Run DangerJS
    -npx danger ci --failOnErrors -v
    +# Run DangerJS using absolute path to prevent CWD-based binary hijacking
    +/node_modules/.bin/danger ci --failOnErrors -v
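Review bot: the new `rm -rf /github/workspace/node_modules`, placed right after `cp -r /src/* /github/workspace`, deletes whatever the calling workflow installed into its own checkout in earlier steps, and nothing in this hunk or in the CHANGELOG tells consumers that; add a README/CHANGELOG line stating the side effect. Two smaller points on the same hunk: the `cp` then `rm` order only works if `/src` never ships a `node_modules` of its own, so a comment naming where the image installs danger (the `/node_modules` that the new absolute `/node_modules/.bin/danger` assumes) would make that invariant explicit; and `cp -r /src/*` skips dotfiles and only overwrites names it has, so other fork-controlled files stay in the working directory, which is fine for the two lookups fixed here but means any future CWD-relative tool invocation in this script would reopen the issue. Style nit: with `set -euo pipefail` in force, the `|| exit` on `cd` is redundant.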
    
  • package.json · +1 −1 · modified
    @@ -1,6 +1,6 @@
     {
         "name": "shared-ci-danger-github",
    -    "version": "1.0.0",
    +    "version": "1.0.1",
         "description": "Shared CI DangerJS - GitHub Action",
         "keywords": ["danger", "dangerjs", "github", "action"],
         "author": "Tomas Sebestik <tomas.sebestik@espressif.com>",
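Review bot: the version bump alone does not change what `uses: espressif/shared-github-dangerjs@v1` resolves to; the advisory text on this page notes that consumers on the floating v1 tag only receive the fix once that tag is moved, so the release step that retags v1 at this commit and publishes 1.0.1 should be called out in the PR description or a release checklist rather than left implicit.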
    

References

2
