Sheldan@programming.dev to Programming@programming.dev · 1 year agoMalicious code injection by compromised pull request branch namesgithub.comexternal-linkmessage-square14fedilinkarrow-up185arrow-down12
arrow-up183arrow-down1external-linkMalicious code injection by compromised pull request branch namesgithub.comSheldan@programming.dev to Programming@programming.dev · 1 year agomessage-square14fedilink
minus-squareFizzyOrange@programming.devlinkfedilinkarrow-up16·1 year agoWhere’s the code that doesn’t quote this properly? I’m guessing it’s Bash.
minus-squareThinker@lemmy.worldlinkfedilinkarrow-up19·1 year agoDing ding ding! We have a winner! It’s a third-party GitHub Action that is passing the branch name directly to Bash. So to be clear, not GitHub’s fault.
Where’s the code that doesn’t quote this properly? I’m guessing it’s Bash.
Ding ding ding! We have a winner!
It’s a third-party GitHub Action that is passing the branch name directly to Bash. So to be clear, not GitHub’s fault.