Using GitHub Actions ? Be Aware of this High-Severity Injection Bug Found in GitHub Actions - podcast episode cover

Using GitHub Actions ? Be Aware of this High-Severity Injection Bug Found in GitHub Actions

The Backend Engineering Show with Hussein Nasser
Nov 23, 20209 min
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Felix Wilhelm of Google Project Zero found an injection Vulnerability affecting GitHub Actions and Workflow Commands specifically related to setting malicious environment variables by parsing STDOUT

Resources

https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/

https://bugs.chromium.org/p/project-zero/issues/detail?id=2070&can=2&q=&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids

https://www.zdnet.com/article/google-to-github-times-up-this-unfixed-high-severity-security-bug-affects-developers/


For the best experience, listen in Metacast app for iOS or Android