Headline
GHSA-7f32-hm4h-w77q: github-slug-action use of `set-env` Runner commands which are processed via stdout
Impact
This GitHub Action use set-env runner commands which are processed via stdout related to GHSA-mfwh-5m23-j46w
Patches
The following versions use the recommended Environment File Syntax.
- 2.1.1
- 1.1.1
Workarounds
None, it is strongly suggested that you upgrade as soon as possible.
For more information
If you have any questions or comments about this advisory:
- Open an issue in rlespinasse/github-slug-action
Package
actions rlespinasse/github-slug-action (GitHub Actions)
Affected versions
<= 1.1.0
>= 2.0.0, <= 2.1.0
Patched versions
1.1.1
2.1.1
Description
Impact
This GitHub Action use set-env runner commands which are processed via stdout related to GHSA-mfwh-5m23-j46w
Patches
The following versions use the recommended Environment File Syntax.
- 2.1.1
- 1.1.1
Workarounds
None, it is strongly suggested that you upgrade as soon as possible.
For more information
If you have any questions or comments about this advisory:
- Open an issue in rlespinasse/github-slug-action
References
- GHSA-7f32-hm4h-w77q
rlespinasse published to rlespinasse/github-slug-action
Oct 7, 2020
Published to the GitHub Advisory Database
Feb 3, 2024
Reviewed
Feb 3, 2024
Last updated
Feb 3, 2024