Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03ZjMyLWhtNGgtdzc3cc4AA5Cs
github-slug-action use of `set-env` Runner commands which are processed via stdout
Impact
This GitHub Action use set-env runner commands which are processed via stdout related to GHSA-mfwh-5m23-j46w
Patches
The following versions use the recommended Environment File Syntax.
- 2.1.1
- 1.1.1
Workarounds
None, it is strongly suggested that you upgrade as soon as possible.
For more information
If you have any questions or comments about this advisory:
- Open an issue in rlespinasse/github-slug-action
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ZjMyLWhtNGgtdzc3cc4AA5Cs
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 3 months ago
Updated: 3 months ago
Identifiers: GHSA-7f32-hm4h-w77q
References:
- https://github.com/rlespinasse/github-slug-action/security/advisories/GHSA-7f32-hm4h-w77q
- https://github.com/advisories/GHSA-7f32-hm4h-w77q
Blast Radius: 1.0
Affected Packages
actions:rlespinasse/github-slug-action
Affected Version Ranges: >= 2.0.0, <= 2.1.0, <= 1.1.0Fixed in: 2.1.1, 1.1.1