Impact
An attacker can execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.
Patches
This issue is patched in gajira-create version 2.0.1.
Workarounds
There are no known workarounds.
An open API service providing security vulnerability metadata for many open source software ecosystems.
Affected Packages | Affected Versions | Fixed Versions | |
---|---|---|---|
actions:atlassian/gajira-create | < 2.0.1 | 2.0.1 | |
|
An attacker can execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.
This issue is patched in gajira-create version 2.0.1.
There are no known workarounds.