FYI: Using the action like in the example would make you vulnerable to pwn requests #10

Open
ST-DDT opened this issue Jun 20, 2024 · 0 comments


ST-DDT commented Jun 20, 2024

The current run-nothing action is safe, but running anything in there that uses the source code is dangerous as it uses elevated permissions.
I'll recommend rewriting/removing the checkout or raising awareness by adding a comment.

```yaml
- name: Checkout
  uses: actions/checkout@v4
```
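Added example, not part of the issue or of the project's code: a heuristic Python audit for the pattern the issue warns about. It assumes the elevated permissions come from a `pull_request_target` trigger (the usual meaning of "pwn request"); the function names and the sample workflows built around the quoted Checkout step are constructed for illustration.

```python
import re

# Trigger that runs with the base repository's token and secrets, even for fork PRs.
PRIVILEGED_TRIGGER = re.compile(r"\bpull_request_target\b")
CHECKOUT = re.compile(r"uses:\s*actions/checkout@")
# A `ref:` that resolves to the pull request's head, i.e. contributor-controlled code.
UNTRUSTED_REF = re.compile(
    r"ref:.*(github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref|refs/pull/)")

MESSAGES = {
    "high": "privileged workflow checks out the pull request head (untrusted code)",
    "review": "privileged workflow checks out the repository; "
              "do not build, install or run PR-supplied code in this job",
}

def audit_workflow(text):
    """Line-based heuristic (not a YAML parser): returns (severity, line, message) tuples."""
    # Drop YAML comments so commented-out triggers or steps are not counted.
    lines = [re.sub(r"(^|\s)#.*$", "", l) for l in text.splitlines()]
    if not any(PRIVILEGED_TRIGGER.search(l) for l in lines):
        return []
    findings, start, step = [], 0, []
    # Treat every "- " list item as the start of a new step; the final "- " is a sentinel.
    for no, line in enumerate(lines + ["- "], 1):
        if line.lstrip().startswith("- "):
            body = "\n".join(step)
            if CHECKOUT.search(body):
                sev = "high" if UNTRUSTED_REF.search(body) else "review"
                findings.append((sev, start, MESSAGES[sev]))
            start, step = no, []
        step.append(line)
    return findings

# Constructed sample workflows; only the Checkout step itself comes from the issue.
AS_REPORTED = """\
on: pull_request_target
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
"""
PR_HEAD = AS_REPORTED + "        with:\n          ref: ${{ github.event.pull_request.head.sha }}\n"
UNPRIVILEGED = AS_REPORTED.replace("pull_request_target", "pull_request")

if __name__ == "__main__":
    for name, wf in [("as reported", AS_REPORTED), ("PR head", PR_HEAD), ("plain PR", UNPRIVILEGED)]:
        print(name, audit_workflow(wf))
```

A "review" finding matches the state described in the issue: the checkout is harmless until a later step runs something from the workspace.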
