GitHub fixes ‘high severity’ security flaw spotted by Google – ZDNet

GitHub has finally fixed a high severity security flaw reported to it by Google Project Zero more than three months ago. 
The bug affected GitHub’s Actions feature a developer workflow automation tool that Google Project Zero researcher Felix Wilhelm said was “highly vulnerable to injection attacks”. GitHub’s Actions support a feature called workflow commands as a communication channel between the Action runner and the executed action.  
While Google described it as a ‘high severity’ bug, GitHub…

Click here to view the original article.