Sheldan@programming.dev to Programming@programming.dev · 23 days agoMalicious code injection by compromised pull request branch namesgithub.comexternal-linkmessage-square14fedilinkarrow-up185arrow-down12
arrow-up183arrow-down1external-linkMalicious code injection by compromised pull request branch namesgithub.comSheldan@programming.dev to Programming@programming.dev · 23 days agomessage-square14fedilink
minus-squareFizzyOrange@programming.devlinkfedilinkarrow-up16·23 days agoWhere’s the code that doesn’t quote this properly? I’m guessing it’s Bash.
minus-squareThinker@lemmy.worldlinkfedilinkarrow-up19·23 days agoDing ding ding! We have a winner! It’s a third-party GitHub Action that is passing the branch name directly to Bash. So to be clear, not GitHub’s fault.
Where’s the code that doesn’t quote this properly? I’m guessing it’s Bash.
Ding ding ding! We have a winner!
It’s a third-party GitHub Action that is passing the branch name directly to Bash. So to be clear, not GitHub’s fault.