Hello maintainers,
I would like to report a potential vulnerability in your GitHub CI workflows.
Affected files:
- aram-devdocs/openflow/.github/workflows/claude-code-review.yml
Vulnerability:
- In job 'claude-review', step 'Get PR number and build prompt', the attacker-controlled input '${{ github.event.comment.body }}' is spliced into the run shell script, leading to direct command execution.
Thank you for your time and for maintaining this project.
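The mechanism behind the report above, as an added example that is not part of the report or of the openflow repository: the Actions runner substitutes `${{ ... }}` expressions textually into the `run:` body before the shell ever parses it, so a comment body that closes the surrounding quote becomes part of the script. The script below simulates that substitution for a hypothetical step of the form `run: echo "PR comment: ${{ github.event.comment.body }}"` (the real step's script is not shown in the report, so this shape is an assumption) and contrasts it with the standard fix of passing the value through `env:` so the shell receives it as data. The comment body and marker file are constructed; the payload is benign and only creates a file so its execution can be observed.

```bash
#!/usr/bin/env sh
# Added example, not project code. Simulates how a GitHub Actions runner
# expands a `${{ ... }}` expression inside a `run:` step. The substitution
# here is a simplified stand-in for the runner, not the runner's own code.
set -u

# Constructed marker path: the payload creates this file if it executes.
MARKER="${TMPDIR:-/tmp}/actions-injection-marker.$$"

# Constructed attacker-controlled PR comment body. It closes the open
# double quote, runs a command, and reopens a quote so the script stays valid:
#   hello"; touch "/tmp/...marker"; echo "
COMMENT_BODY="hello\"; touch \"$MARKER\"; echo \""

# Helper: run a script text as the step's shell would, then report whether the
# marker appeared (and clean it up). Actions uses bash by default; plain sh is
# used here because the splice is shell-agnostic and runs anywhere.
_run_and_check() {
  rm -f "$MARKER"
  sh -c "$1" >/dev/null 2>&1
  if [ -e "$MARKER" ]; then
    rm -f "$MARKER"
    echo injected
  else
    echo safe
  fi
}

# Vulnerable pattern, as described in the report. Assumed step:
#   run: echo "PR comment: ${{ github.event.comment.body }}"
# The runner replaces the expression with the raw comment text BEFORE the
# shell parses the script, so the attacker's text becomes shell syntax.
run_vulnerable_step() {
  script="echo \"PR comment: ${COMMENT_BODY}\""
  _run_and_check "$script"
}

# Hardened pattern. Assumed step:
#   env:
#     COMMENT_BODY: ${{ github.event.comment.body }}
#   run: echo "PR comment: $COMMENT_BODY"
# The script text is fixed; the untrusted value is only ever an environment
# variable that the shell expands as data, never as code.
run_hardened_step() {
  script='echo "PR comment: $COMMENT_BODY"'
  COMMENT_BODY="$COMMENT_BODY" _run_and_check "$script"
}

echo "vulnerable step: $(run_vulnerable_step)"
echo "hardened step:   $(run_hardened_step)"
```

Running the script prints `injected` for the spliced form and `safe` for the `env:` form. The same rule applies to every other event field an outside contributor controls (issue and PR titles and bodies, branch names, commit messages, review comments): never place the expression inside `run:` directly; bind it to an environment variable and quote the variable in the script.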