CVE-2020-14188

Summary

The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.

Affected Software

VendorProductVersion RangeStatus
Atlassiangajira-createunspecified < 2.0.1affected

Weaknesses

  • Template Injection

ADP Enrichment

CVE Program Container

Additional References

References