Kana Dojo
Monthly
Command injection in KanaDojo's GitHub Actions release workflow (release.yml) allows attackers who can land a pull request to execute arbitrary commands on the repository's CI runner. The version and changes fields of patchNotesData.json are interpolated unsanitized into a child_process.execSync() call, granting any merged malicious PR access to GITHUB_TOKEN and contents:write permissions. No public exploit identified at time of analysis, but the supply-chain blast radius is significant for downstream KanaDojo consumers.
Sandbox escape leading to remote code execution affects KanaDojo (lingdojo/kana-dojo) before version 0.1.18, where the issue-auto-respond.yml GitHub Actions workflow passes the global require function into a Node.js vm.runInNewContext() sandbox. An attacker submitting a pull request that modifies messages.cjs can load arbitrary Node.js modules from within the sandbox and gain code execution on the Actions runner with access to AUTOMATION_PR_TOKEN. No public exploit identified at time of analysis, though the VulnCheck advisory documents the exploitation primitive in detail.
Command injection in KanaDojo's GitHub Actions release workflow (release.yml) allows attackers who can land a pull request to execute arbitrary commands on the repository's CI runner. The version and changes fields of patchNotesData.json are interpolated unsanitized into a child_process.execSync() call, granting any merged malicious PR access to GITHUB_TOKEN and contents:write permissions. No public exploit identified at time of analysis, but the supply-chain blast radius is significant for downstream KanaDojo consumers.
Sandbox escape leading to remote code execution affects KanaDojo (lingdojo/kana-dojo) before version 0.1.18, where the issue-auto-respond.yml GitHub Actions workflow passes the global require function into a Node.js vm.runInNewContext() sandbox. An attacker submitting a pull request that modifies messages.cjs can load arbitrary Node.js modules from within the sandbox and gain code execution on the Actions runner with access to AUTOMATION_PR_TOKEN. No public exploit identified at time of analysis, though the VulnCheck advisory documents the exploitation primitive in detail.