issues
search
MinoruSekine
/
setup-scoop
GitHub Actions to install apps to Windows runner by scoop
https://github.com/marketplace/actions/setup-scoop
GNU Affero General Public License v3.0
11
stars
7
forks
source link
Unexpected injections by `buckets` parameter without any validation.
#29
Closed
MinoruSekine
closed
8 months ago
MinoruSekine
commented
8 months ago
Now (
@v2
) buckets parameter is passed directly to
scoop
Unexpected and evil
buckets
parameters will cause free PowerShell command line execution
scoop bucket known
command can list well-known buckets, it can be used for validate
buckets
parameters
@v2) buckets parameter is passed directly toscoopbucketsparameters will cause free PowerShell command line executionscoop bucket knowncommand can list well-known buckets, it can be used for validatebucketsparameters