Sheldan@programming.dev to Programming@programming.dev · 2 months agoMalicious code injection by compromised pull request branch namesgithub.comexternal-linkmessage-square14fedilinkarrow-up186arrow-down12
arrow-up184arrow-down1external-linkMalicious code injection by compromised pull request branch namesgithub.comSheldan@programming.dev to Programming@programming.dev · 2 months agomessage-square14fedilink
minus-squareFizzyOrange@programming.devlinkfedilinkarrow-up16·2 months agoWhere’s the code that doesn’t quote this properly? I’m guessing it’s Bash.
minus-squareThinker@lemmy.worldlinkfedilinkarrow-up19·2 months agoDing ding ding! We have a winner! It’s a third-party GitHub Action that is passing the branch name directly to Bash. So to be clear, not GitHub’s fault.
Where’s the code that doesn’t quote this properly? I’m guessing it’s Bash.
Ding ding ding! We have a winner!
It’s a third-party GitHub Action that is passing the branch name directly to Bash. So to be clear, not GitHub’s fault.