minus-squareThinker@lemmy.worldtoProgramming@programming.dev•Malicious code injection by compromised pull request branch nameslinkfedilinkarrow-up0·17 days agoDing ding ding! We have a winner! It’s a third-party GitHub Action that is passing the branch name directly to Bash. So to be clear, not GitHub’s fault. linkfedilink
Ding ding ding! We have a winner!
It’s a third-party GitHub Action that is passing the branch name directly to Bash. So to be clear, not GitHub’s fault.