Skip to main content

Git Tag Annotation Action

1 CVEs product

Monthly

CVE-2020-15272 CRITICAL PATCH Act Now

In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Git Tag Annotation Action
NVD GitHub
CVSS 3.1
9.6
EPSS
1.2%
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Git Tag Annotation Action
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy