search

convictional / trigger-workflow-and-wait

Trigger a workflow in another (or same) repository and wait for the job to finish.
MIT License
319 stars 150 forks source link

Command Injection Bug #70

Closed ghost closed 1 year ago

ghost commented 1 year ago

sleep call on line 87 of entrypoint.sh is vulnerable to command injection via the INPUT_WAIT_INTERVAL environment variable. See Pull request #69 for related fix.

samuelbeyeler commented 1 year ago

Closed by #69