Code shack describes issue as ‘moderate’ security flaw, plans to disable risky commands gradually

Google’s bug-hunting Project Zero team has posted details of an injection vulnerability in GitHub Actions after refusing a request to postpone disclosure.…

…read more

Source:: TheRegister