VYPR

GitHub Actions package

embano1/wip

pkg:github/embano1/wip

Vulnerabilities (1)

  • CVE-2023-30623Apr 24, 2023
    affected < 2fixed 2

    `embano1/wip` is a GitHub Action written in Bash. Prior to version 2, the `embano1/wip` action uses the `github.event.pull_request.title` parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string i