writeups.xyz / GitHub Actions check-spelling community workflow - GITHUB_TOKEN leakage via advice.txt symlink

Submitter : c2a

Date: 8 September 2021

Bounty : undisclosed

Vulnerabilities :

Programs :

GitHub

Authors :

Justin Steven (@Justinsteven)

Link :
https://github.com/justinsteven/advisories/blob/master/2021_github_actions_checkspelling_token_leak_via_advice_symlink.md