CGamesPlay 2 hours ago
Can you cite this? It's not YAML execution syntax; surely GitHub doesn't do it. The only vector I can see is if you put it unquoted into a shell script inside of a GHA YAML.
benoau an hour ago
https://github.com/orgs/community/discussions/27065
https://stackoverflow.com/questions/77090044/github-actions-...
https://www.praetorian.com/blog/pwn-request-hacking-microsof...
All you need is user content containing `backticked`, and a GitHub Action referencing that via e.g. "github.event.issue.title" where the shell would normally execute `backticked` as a command (like echo, cat, etc.).
theteapot 2 hours ago
I think he means template-injection -- https://woodruffw.github.io/zizmor/audits/#template-injectio...
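
The pattern discussed in this thread, as an added example that is not from any commenter and is not zizmor's code: a small Python check that flags `${{ github.event.* }}` expressions expanded directly into a `run:` script, shown against the hardened form that passes the value through `env:`. The workflow snippets, the function name and the set of contexts treated as untrusted are constructed assumptions.

```python
import re

# Contexts treated as attacker-influenced in this sketch (an assumption, not exhaustive).
EXPR = re.compile(r"\$\{\{\s*(github\.event\.[\w.]+|github\.head_ref)\s*\}\}")
RUN_KEY = re.compile(r"^\s*(?:-\s+)?(?P<key>run):\s*(?P<body>.*)$")

def find_template_injection(workflow_text):
    """Return (line_number, expression) for each untrusted ${{ }} inside a run: script."""
    findings = []
    run_col = None  # column of the active run: key, None when outside a script
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = RUN_KEY.match(line)
        if m:
            run_col, body = m.start("key"), m.group("body")
        elif run_col is not None and (
            not line.strip() or len(line) - len(line.lstrip(" ")) > run_col
        ):
            body = line  # continuation of a block scalar (run: |)
        else:
            run_col = None  # dedent: the script has ended
            continue
        # The runner substitutes ${{ }} into the script text before the shell
        # parses it, so backticks or $(...) in the value become shell syntax.
        findings += [(lineno, expr) for expr in EXPR.findall(body)]
    return findings

# Constructed sample: issue title expanded straight into the script.
VULNERABLE = """\
on: issues
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: Log title
        run: |
          echo "New issue: ${{ github.event.issue.title }}"
"""

# Constructed sample: the value reaches the shell as data via an env variable.
HARDENED = """\
on: issues
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: Log title
        env:
          TITLE: ${{ github.event.issue.title }}
        run: |
          echo "New issue: $TITLE"
"""
```
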