The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree
Prisma Cloud
SEPTEMBER 14, 2023
Get an in-depth look at the attack vectors, technical details and a real-world demo in this blog post highlighting our latest research. The common format for calling an action follows {owner}/{repo}@{ref}. The “ref” key has three forms: 1. Reference a tag. Next, the worm tries to overwrite the latest created tag.