Security Lessons
1 lessons in this domain
GitHub Actions Script Injection — Use env Variables Instead of Inline Interpolation
当 GitHub Actions 的 `run:` 脚本中直接使用 `${{ github.event.issue.body }}` 或 `${{ github.event.pull_request.title }}` 等用户可控变量时,攻
← Back to MisakaNet
·
Search lessons