Hello maintainers,
I would like to report a potential vulnerability in your GitHub CI workflows.
Affected files:
- swcstudio/katalyst/.github/workflows/issue-automation.yml
Vulnerability:
- In job 'ai-task-orchestration', step 'Execute AI task', attacker-controlled input from 'github.event.comment.body' is extracted in step 'Parse AI command' and then unsafely spliced into JavaScript string literals. This allows an authorized user to execute arbitrary code within the github-script context.
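For context on the pattern described above, here is an added example (constructed for this report, not the katalyst project's own workflow): a comment-triggered github-script step written the unsafe way, beside the hardened equivalent that passes the value through the environment. The step ids, output name, `/ai <command>` comment format and allow-listed command names are assumptions.

```yaml
# Constructed example: step ids, output names and the comment format are assumed.

# Extract the command from the comment. The body is read from an environment
# variable; a ${{ }} expression inside the run: text itself would be expanded
# into the shell script before it is parsed, which is the same injection class.
- name: Parse AI command
  id: parse
  env:
    COMMENT_BODY: ${{ github.event.comment.body }}
  run: |
    cmd=$(printf '%s' "$COMMENT_BODY" | sed -n 's#^/ai \([a-z]*\).*#\1#p')
    echo "command=$cmd" >> "$GITHUB_OUTPUT"

# UNSAFE: the runner expands the expression *before* the JavaScript is parsed,
# so a quote or backtick in the comment body closes the string literal and the
# remainder of the comment runs as code with the job's GITHUB_TOKEN.
- name: Execute AI task (unsafe)
  uses: actions/github-script@v7
  with:
    script: |
      const command = '${{ steps.parse.outputs.command }}';
      core.info(`Running ${command}`);

# HARDENED: the expression is expanded only into an environment variable; the
# script reads it at runtime as data, so comment content is never parsed as
# JavaScript. The command is also checked against an allow-list rather than
# trusted by shape.
- name: Execute AI task (hardened)
  uses: actions/github-script@v7
  env:
    AI_COMMAND: ${{ steps.parse.outputs.command }}
  with:
    script: |
      const command = process.env.AI_COMMAND ?? '';
      const allowed = new Set(['summarize', 'label', 'triage']);
      if (!allowed.has(command)) {
        core.setFailed(`Unsupported AI command: ${command}`);
        return;
      }
      core.info(`Running ${command}`);
```

Two points worth checking in any fix: the job's `permissions:` block should grant only what the step needs (for example `issues: write` and nothing else), so that even a residual injection cannot push code or alter other workflows; and every other `${{ github.event.* }}` expression in `run:` or `script:` text should be moved behind `env:` the same way, since `github.event.comment.body` is only one of several attacker-influenced event fields.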
Thank you for your time and for maintaining this project.