Sheldan@programming.dev to Programming@programming.dev · 16 days agoMalicious code injection by compromised pull request branch namesgithub.comexternal-linkmessage-square14fedilinkarrow-up183arrow-down12
arrow-up181arrow-down1external-linkMalicious code injection by compromised pull request branch namesgithub.comSheldan@programming.dev to Programming@programming.dev · 16 days agomessage-square14fedilink
minus-squareThinker@lemmy.worldlinkfedilinkarrow-up19·16 days agoDing ding ding! We have a winner! It’s a third-party GitHub Action that is passing the branch name directly to Bash. So to be clear, not GitHub’s fault.
Ding ding ding! We have a winner!
It’s a third-party GitHub Action that is passing the branch name directly to Bash. So to be clear, not GitHub’s fault.