Sheldan@programming.dev to Programming@programming.dev · 21 days agoMalicious code injection by compromised pull request branch namesgithub.comexternal-linkmessage-square14fedilinkarrow-up185arrow-down12
arrow-up183arrow-down1external-linkMalicious code injection by compromised pull request branch namesgithub.comSheldan@programming.dev to Programming@programming.dev · 21 days agomessage-square14fedilink
minus-squareThinker@lemmy.worldlinkfedilinkarrow-up19·21 days agoDing ding ding! We have a winner! It’s a third-party GitHub Action that is passing the branch name directly to Bash. So to be clear, not GitHub’s fault.
Ding ding ding! We have a winner!
It’s a third-party GitHub Action that is passing the branch name directly to Bash. So to be clear, not GitHub’s fault.