We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects arbitrary code.
This is patched in 1.13.6
Downgrade to <1.13.2
Impact
Potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects arbitrary code.
Patches
This is patched in 1.13.6
Workarounds
Downgrade to <1.13.2
References