
Use of `set-env` Runner commands which are processed via stdout

Moderate
rlespinasse published GHSA-7f32-hm4h-w77q Oct 7, 2020

Package

actions github-slug-action (GitHub Actions)

Affected versions

<=1.1.0, <=2.1.0

Patched versions

1.1.1, 2.1.1

Description

Impact

This GitHub Action uses `set-env` runner commands, which are processed via stdout. This is related to GHSA-mfwh-5m23-j46w.

Patches

The following versions use the recommended Environment File Syntax.

  • 2.1.1
  • 1.1.1
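
The difference between the two mechanisms, as an added example that is not code from this action: the legacy form emits the assignment on stdout, while the Environment File Syntax appends it to the file named by `$GITHUB_ENV`. The function names, the `EXAMPLE_` variable names used with them and the `ghadelimiter` delimiter are assumptions for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from github-slug-action.

# BEFORE: workflow command on stdout. The runner parses the step's stdout for
# commands, so any line printed in this form is acted on as an assignment.
export_env_legacy() {
  echo "::set-env name=$1::$2"
}

# AFTER: Environment File Syntax. The assignment is appended to the file the
# runner names in $GITHUB_ENV, so stdout is no longer the control channel.
export_env_file() {
  local name="$1" value="$2" delim="ghadelimiter" nl='
'
  [ -n "${GITHUB_ENV:-}" ] || { echo "GITHUB_ENV is not set" >&2; return 1; }
  # Accept only plain identifier names, so a name cannot carry a newline,
  # '=' or '<<' into the file.
  case "$name" in
    ''|[0-9]*|*[!A-Za-z0-9_]*) echo "invalid variable name" >&2; return 1 ;;
  esac
  case "$value" in
    *"$nl"*)
      # Multi-line value: NAME<<DELIM / value / DELIM. Lengthen the delimiter
      # until it does not occur anywhere in the value.
      while case "$value" in *"$delim"*) true ;; *) false ;; esac; do
        delim="${delim}_"
      done
      printf '%s<<%s\n%s\n%s\n' "$name" "$delim" "$value" "$delim" >> "$GITHUB_ENV"
      ;;
    *)
      printf '%s=%s\n' "$name" "$value" >> "$GITHUB_ENV"
      ;;
  esac
}
```
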

Workarounds

None. It is strongly suggested that you upgrade as soon as possible.

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

CVE-2020-15228

Weaknesses

No CWEs

Credits