Sheldan@programming.dev to Programming@programming.dev · 1 month agoMalicious code injection by compromised pull request branch namesgithub.comexternal-linkmessage-square13fedilinkarrow-up11arrow-down10
arrow-up11arrow-down1external-linkMalicious code injection by compromised pull request branch namesgithub.comSheldan@programming.dev to Programming@programming.dev · 1 month agomessage-square13fedilink
minus-squareFizzyOrange@programming.devlinkfedilinkarrow-up0·1 month agoWhere’s the code that doesn’t quote this properly? I’m guessing it’s Bash.
minus-squareThinker@lemmy.worldlinkfedilinkarrow-up0·1 month agoDing ding ding! We have a winner! It’s a third-party GitHub Action that is passing the branch name directly to Bash. So to be clear, not GitHub’s fault.
Where’s the code that doesn’t quote this properly? I’m guessing it’s Bash.
Ding ding ding! We have a winner!
It’s a third-party GitHub Action that is passing the branch name directly to Bash. So to be clear, not GitHub’s fault.