We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
An attacker can execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment.
This issue is patched in gajira-comment version 2.0.2.
There are no known workarounds.
GitHub Security Lab advisory GHSL-2020-173
JarLob Analyst
Impact
An attacker can execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment.
Patches
This issue is patched in gajira-comment version 2.0.2.
Workarounds
There are no known workarounds.
References
GitHub Security Lab advisory GHSL-2020-173