Hello maintainers,
I would like to report a potential vulnerability in your GitHub CI workflows.
Affected files:
- stillrivercode/idk/.github/workflows/security-review.yml
Vulnerability:
- In job 'security-review', step 'AI-powered security analysis', the expressions '${{ github.event.issue.title || github.event.pull_request.title }}' and '${{ github.event.issue.body || github.event.pull_request.body }}' are interpolated directly into the step's run script. GitHub Actions substitutes the raw title and body text into the script before the shell parses it, so the author of the issue or pull request, who controls both values, can close the surrounding quotes and append arbitrary shell commands. The result is command injection in the workflow's runner context.
Thank you for your time and for maintaining this project.
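The following is an added illustration, not code from this report or from the stillrivercode/idk repository. It emulates the runner's textual substitution of the two expressions above into a run script, using a constructed title whose only effect is to print the marker INJECTED, and shows the standard remediation: assign each expression to a variable in the step's env block and reference only the shell variable in the script. The helper names (vulnerable_step, hardened_step, classify) and the variable names PR_TITLE and PR_BODY are the example's own.

```shell
#!/bin/sh
# Added example, not code from the report or from stillrivercode/idk.
# GitHub Actions expands ${{ ... }} expressions by textual substitution before
# the shell ever parses the `run:` script. The two functions below emulate
# that step for a constructed issue/PR title and body (hypothetical payload;
# the only side effect is printing the marker INJECTED).

PAYLOAD_TITLE='Fix typo"; echo INJECTED; echo "'
PAYLOAD_BODY='looks good to me'

# Vulnerable pattern, shaped like the reported step:
#   run: |
#     echo "Title: ${{ github.event.issue.title || github.event.pull_request.title }}"
#     echo "Body: ${{ github.event.issue.body || github.event.pull_request.body }}"
# The runner pastes the raw values in, so the quote and semicolon in the
# title terminate the first echo and start a new command.
vulnerable_step() {
  rendered=$(printf 'echo "Title: %s"; echo "Body: %s"' "$1" "$2")
  sh -c "$rendered"
}

# Hardened pattern: the expressions move into the step's `env:` block
#   env:
#     PR_TITLE: ${{ github.event.issue.title || github.event.pull_request.title }}
#     PR_BODY: ${{ github.event.issue.body || github.event.pull_request.body }}
#   run: |
#     echo "Title: $PR_TITLE"
#     echo "Body: $PR_BODY"
# The script now only expands shell variables, whose contents are treated as
# data and never re-parsed as commands.
hardened_step() {
  PR_TITLE="$1" PR_BODY="$2" sh -c 'echo "Title: $PR_TITLE"; echo "Body: $PR_BODY"'
}

# Returns "injected" if the marker ran as its own command, otherwise "safe".
classify() {
  if printf '%s\n' "$1" | grep -q '^INJECTED$'; then
    echo injected
  else
    echo safe
  fi
}

classify "$(vulnerable_step "$PAYLOAD_TITLE" "$PAYLOAD_BODY")"  # injected
classify "$(hardened_step "$PAYLOAD_TITLE" "$PAYLOAD_BODY")"    # safe
```

The same env-block approach applies to any other event field an external party can set (branch names, commit messages, review comments, labels): keep every ${{ }} expression out of run scripts and pass it through env, then quote the variable in the script. Limiting the workflow's permissions block and avoiding pull_request_target for untrusted input reduce the blast radius if a step is missed.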