Critical command injection vulnerability in GitHub actions workflow
Package
No package listed
Affected versions
Commits prior to a0384f3
Patched versions
Commit a0384f3
Description
|
Hi Matt,
I was able to inject commands in my lab (using the exact workflow) by using
backticks, which are evaluated first.
…On Thu, Sep 4, 2025 at 6:32 AM Matt Rubens ***@***.***> wrote:
Hi @yaronav <https://github.com/yaronav>, thank you for reporting this!
I've gone ahead and deleted the file in question.
That said, I thought that the jq along with the double quotes actually
escaped the interpolated values. Did you find a way to get it to actually
run the commands?
Thanks,
Matt
—
Reply to this email directly, view it on GitHub
<https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-xr6r-vj48-29f6#advisory-comment-136943>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AJKN76T7K3ZYDZL5GIMT6TD3Q6XFRAVCNFSM6AAAAACFJZBI4WVHI2DSMVQWIX3LMV45UABAKJSXA33TNF2G64TZIFSHM2LTN5ZHSQ3PNVWWK3TUHMYTGNRZGQZQ>
.
You are receiving this because you are either an administrator on
RooCodeInc/Roo-Code, or a collaborator on GHSA-xr6r-vj48-29f6.Message ID:
***@***.***
com>
|
Credits
-
yaronav Reporter
Summary
A critical command injection vulnerability was discovered in the discord-pr-notify.yml GitHub Actions workflow of the RooCodeInc/Roo-Code repository. The workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution (RCE) on the Actions runner.
Impact
The vulnerability’s impact is severe due to the workflow running with broad permissions and access to repository secrets. An attacker could:
This could result in a complete compromise of the repository and its associated services.
Resolution
The vulnerable workflow has been removed, and all affected secrets have been rotated.