VYPR

git-tag-annotation-action

by Ericcornelissen

CVEs (1)

  • CVE-2020-15272 · High · Oct 26, 2020
    risk 0.00 · cvss 8.7 · epss 0.01

    In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to alter the value of [the `GITHUB_REF` environment variable]. The problem has…