Commit
fix: prevent command injection in GHA workflow (#27)
A specially crafted tag, e.g. `docker/v0.0.0;$(cat${IFS}/etc/passwd)#`, could be used to execute arbitrary code in the context of the workflow.

Related:

- https://wearezeta.atlassian.net/wiki/spaces/SC/pages/1216053328/How+to+avoid+Command+Injection+via+Github+Actions+or+CI+jobs+in+general
- https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#example-of-a-script-injection-attack
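As an added illustration (not this repository's workflow, whose diff is not shown on this page), the weak pattern the linked hardening guide describes next to its corrected form, in a hypothetical workflow assumed to be triggered by tags of the form `docker/vX.Y.Z`:

```yaml
# Hypothetical workflow (added illustration, not this repository's file).
# Assumed trigger: tags named docker/vX.Y.Z are pushed to build an image.
on:
  push:
    tags: ['docker/v*']

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # WEAK: the ${{ }} expression is substituted into the script text
      # before the shell parses it, so the tag name becomes part of the
      # command line. With the tag from the commit message the script reads
      #   TAG="docker/v0.0.0;$(cat${IFS}/etc/passwd)#"
      # and the shell expands the $(...) command substitution.
      - name: Extract version (unsafe)
        run: |
          TAG="${{ github.ref_name }}"
          echo "version=${TAG#docker/v}" >> "$GITHUB_OUTPUT"

      # HARDENED: hand the value over as an environment variable. The runner
      # places it in the process environment and the script references it
      # only as "$TAG", which the shell treats as data, never as code.
      - name: Extract version (safe)
        id: ver
        env:
          TAG: ${{ github.ref_name }}
        run: |
          # Allow-list the expected shape before the value is used anywhere.
          if ! printf '%s\n' "$TAG" | grep -Eq '^docker/v[0-9]+\.[0-9]+\.[0-9]+$'; then
            echo "refusing unexpected tag name: $TAG" >&2
            exit 1
          fi
          echo "version=${TAG#docker/v}" >> "$GITHUB_OUTPUT"
```

The same env-variable indirection applies to any other attacker-influenced context value (branch names, PR titles, issue bodies) that a `run:` step needs.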