VYPR

GitHub Actions package

rlespinasse/github-slug-action

pkg:github/rlespinasse/github-slug-action

Vulnerabilities (1)

  • CVE-2023-27581Mar 13, 2023
    affected >= 4.0.0, < 4.4.1fixed 4.4.1

    github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0` and prior to version 4.4.1, this action uses the `github.head_ref` parameter in an insecure way. This vulnerability can be trigge