CNNVD-202507-3370 Information

CNNVD ID

CNNVD-202507-3370

CVE-2025-54416

  • CNNVD Published: 2025-07-26

Description

branch-names is an open-source tool from tj-actions for retrieving branch or tag names. branch-names 8.2.1 and earlier versions contain a command injection vulnerability, which stems from insufficient input sanitization and output escaping and may lead to arbitrary command execution.

Hazard Level

Low

Vulnerability Type

Command injection

Affected Vendor

tj-actions

Published

2025-07-26

Last Modified

2026-02-24

References

  • https://github.com/tj-actions/branch-names/commit/e497ceb8ccd43fd9573cf2e375216625bc411d1f
  • https://github.com/tj-actions/branch-names/releases/tag/v9.0.0
  • https://github.com/tj-actions/branch-names/security/advisories/GHSA-gq52-6phf-x2r6
  • https://access.redhat.com/security/cve/cve-2025-54416

Patch

https://github.com/tj-actions/branch-names/releases
