An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS00eHF4LXBxcGotOWZxd84AAvMB

Severity: Critical, EPSS: 0.02462% (0.84517 Percentile)

gajira-create GitHub action vulnerable to arbitrary code execution

Affected Packages | Affected Versions | Fixed Versions
actions:atlassian/gajira-create | < 2.0.1 | 2.0.1

Impact

An attacker can execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.

Patches

This issue is patched in gajira-create version 2.0.1.

Workarounds

There are no known workarounds.

References

GitHub Security Lab advisory GHSL-2020-172
