Suggest replacing pull_request_target in branches as well as main #1792

forestmonster opened this issue Apr 4, 2024 · 0 comments
As in #1790, the same issue can occur in any PRs that were opened before remediation in your main branch. This could mean that other branches are vulnerable. We recommend that you ensure a manual review step remains enabled, and review GitHub's best practices for unprivileged workflows in order to prevent exploitation using Pwn Request. From that document,

All PRs that were opened before a fix was made to the vulnerable workflow will use the version of the workflow as it existed at the time the PR was opened. That means that if there is a pending PR, any updates to the PR may still abuse the vulnerable workflow.
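The pattern the issue warns about, shown as an added illustration that is not this repository's own workflow and not code from the issue author: a hypothetical `pull_request_target` workflow that checks out and executes the pull request head (so an attacker's fork code runs with the base repository's secrets), next to a hardened version that uses the plain `pull_request` event, which gives fork pull requests a read-only `GITHUB_TOKEN` and no repository secrets. Workflow names, the `npm test` step and the secret name `SOME_TOKEN` are placeholders. Because pending pull requests keep running the workflow version that existed when they were opened, the hardened file only protects new pull requests; existing ones still need to be closed and reopened, or the workflow removed, on every branch that carries it.

```yaml
# Added example, hypothetical workflow; not this project's file.
# VULNERABLE: pull_request_target runs in the base repository's context with
# write access and secrets, then checks out and executes the untrusted PR head.
name: ci-vulnerable
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Untrusted code from the fork; any script it runs gets the secrets below.
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test   # package.json scripts are attacker-controlled
        env:
          TOKEN: ${{ secrets.SOME_TOKEN }}   # placeholder secret name
---
# HARDENED: untrusted code runs under the pull_request event, where fork PRs
# receive only a read-only GITHUB_TOKEN and no repository secrets.
name: ci-hardened
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4   # checks out the PR merge commit
      - run: npm ci && npm test     # no secrets are exposed to this step
```

If a step genuinely needs privileges after looking at fork code, keep it in a separate job that does not check out or execute the pull request head, and gate that job with a deployment environment whose required reviewers provide the manual review step recommended above.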
