Workflow re-write vulnerability using input parameter

Low

alexec published GHSA-h563-xh25-x54q

Aug 4, 2021

Package

No package listed

Affected versions

>= v3.1.0

Patched versions

v3.1.6

Description

Impact

Allow end-users to set input parameters, but otherwise expect workflows to be secure.

Patches

Not yet.

Workarounds

Set EXPRESSION_TEMPLATES=false for the workflow controller

References

#6441

For more information

If you have any questions or comments about this advisory:

Open an issue in example link to repo
Email us at example email address