We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
An attacker can execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.
This issue is patched in gajira-create version 2.0.1.
There are no known workarounds.
GitHub Security Lab advisory GHSL-2020-172
JarLob Analyst
Impact
An attacker can execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.
Patches
This issue is patched in gajira-create version 2.0.1.
Workarounds
There are no known workarounds.
References
GitHub Security Lab advisory GHSL-2020-172