Compromising ByteDanceβs Rspack using GitHub Actions Vulnerabilities
Overview Recently, we identified several critical Pwn Request vulnerabilities within GitHub Actions used by the Rspack repository. These vulnerabilities could allow an external attacker to submit a malicious pull request, without the requirement of being a prior contributor to the repository, and compromise the following secrets: NPM Deployment Token Compromise: Exploitation of the Pwn Request [β¦]
The post Compromising ByteDanceβs Rspack using GitHub Actions Vulnerabilities appeared first on Praetorian.
The post Compromising ByteDanceβs Rspack using GitHub Actions Vulnerabilities appeared first on Security Boulevard.