Vulnerabilities > GIT TAG Annotation Action Project

DATE CVE VULNERABILITY TITLE RISK
2020-10-26 CVE-2020-15272 Unspecified vulnerability in Git-Tag-Annotation-Action Project Git-Tag-Annotation-Action 1.0.0
In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to alter the value of [the `GITHUB_REF` environment variable].
network
low complexity
git-tag-annotation-action-project
critical
9.6