GHSA-g85v-wf27-67xc: Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`

GHSA-8495-4g3g-x7pr: aiohttp allows request smuggling due to incorrect parsing of chunk extensions

GHSA-27mf-ghqm-j3j8: aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method

GHSA-jp37-5qhw-mffw: Sharks has a Bias of Polynomial Coefficients in Secret Sharing

GHSA-vggm-3478-vm5m: Graylog concurrent PDF report rendering can leak other users' reports

### Impact
An attacker can execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.

### Patches
This issue is patched in gajira-create version 2.0.1.

### Workarounds
There are no known workarounds.

### References
[GitHub Security Lab advisory GHSL-2020-172](https://securitylab.github.com/advisories/GHSL-2020-172-gajira-create-action)

**gajira-create GitHub action vulnerable to arbitrary code execution**

Critical severity GitHub Reviewed Published Oct 7, 2022 in atlassian/gajira-create • Updated Oct 7, 2022

Headline

GHSA-4xqx-pqpj-9fqw: gajira-create GitHub action vulnerable to arbitrary code execution

Impact

Patches

Workarounds

References

ghsa: Latest News