writeups.xyz / How We Found Another GitHub Action Environment Injection Vulnerability in a Google Project

Submitter : c2a

Date: 3 July 2023

Bounty : undisclosed

Vulnerabilities :

• CI/CD
• RCE

Programs :

• Google (Orbit)

Authors :

• Noam Dotan

Link :
https://www.legitsecurity.com/blog/-how-we-found-another-github-action-environment-injection-vulnerability-in-a-google-project