VYPR

changed-files

by Tj Actions

CVEs (3)

  • CVE-2025-30066KEVMar 15, 2025
    Tj Actions
    changed-files
    risk 0.12cvss epss 0.92

    tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious…

  • CVE-2023-52137Dec 29, 2023
    Tj Actions
    changed-files
    risk 0.00cvss epss 0.01

    The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The [`verify-changed-files`](https://github.com/tj-ac…

  • CVE-2023-51664Dec 27, 2023
    Tj Actions
    changed-files
    risk 0.00cvss epss 0.00

    tj-actions/changed-files is a Github action to retrieve all files and directories. Prior to 41.0.0, the `tj-actions/changed-files` workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. This issue…