Misconfigured GH Actions hijack - Low Level - YouTube
(www.youtube.com)
from davidyarbrough@programming.dev to programming@programming.dev on 25 Mar 19:38
https://programming.dev/post/47778884
Never heard of pull_request_target before today and I think I’m with him, I don’t know what I would possibly use it for that would justify the risk of unreviewed code getting access to build environments. Seems bananas.
#programming
It was bound to happen, as GitHub Actions are a mess.
I'm just happy that AI bros got hit this time, instead of something important.