Back to directory

WRITEUP #996

How We Found Another GitHub Action Environment Injection Vulnerability in a Google Project

RCECI/CD

byNoam Dotan

Program

Google (Orbit)

Published

Jul 3, 2023

Added to HackDex

Jul 4, 2023

Read Full Writeuphttps://www.legitsecurity.com/blog/-how-we-found-another-github-action-environment-injection-vulnerability-in-a-google-project

▸ RELATED WRITEUPS

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

RCEDependency confusion

Attacking PowerShell CLIXML Deserialization

DeserializationInsecure deserialization

Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS

RCEArbitrary file write

We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI

Built with ❤️ by Shubham Rawat