GitHub · kartverket/github-workflows · CVE-2022-39326
**Name of the Vulnerable Software and Affected Versions**
kartverket/github-workflows versions prior to 2.7.5
**Description**
The issue is a code injection vulnerability that affects all users of the `run-terraform` reusable workflow from the kartverket/github-workflows repo. A malicious actor could potentially send a PR with a malicious payload, leading to the execution of arbitrary JavaScript code in the context of the workflow.
**Recommendations**
For versions prior to 2.7.5, upgrade to at least version 2.7.5 to resolve the issue.
As a temporary workaround, review any pull requests from external users for malicious payloads before allowing them to trigger a build.
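To find callers still pinned to an affected release, the following added check (not part of the original advisory or the kartverket project) scans a caller workflow for `run-terraform` references and flags tags below 2.7.5. The `.github/workflows/run-terraform.yml` path, the optional `v` tag prefix, and the sample workflow are assumptions.

```python
import re

FIXED = (2, 7, 5)  # first fixed version according to the advisory

# Reusable workflows are referenced as owner/repo/.github/workflows/<file>@<ref>.
# Assumption: the file is named run-terraform.yml or run-terraform.yaml.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?kartverket/github-workflows/\.github/workflows/"
    r"run-terraform\.ya?ml@([^\s'\"#]+)",
    re.IGNORECASE | re.MULTILINE,
)
FULL_TAG_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def classify_ref(ref):
    """Return 'vulnerable', 'fixed' or 'unknown' for a git ref."""
    m = FULL_TAG_RE.match(ref)
    if not m:
        # Branches, floating tags (v2) and commit SHAs need manual resolution.
        return "unknown"
    version = tuple(int(part) for part in m.groups())
    return "vulnerable" if version < FIXED else "fixed"


def audit_workflow(text):
    """Return (line_number, ref, verdict) for each run-terraform reference."""
    findings = []
    for m in USES_RE.finditer(text):
        line_no = text.count("\n", 0, m.start(1)) + 1
        findings.append((line_no, m.group(1), classify_ref(m.group(1))))
    return findings


# Constructed sample caller workflow (not taken from any real repository).
SAMPLE = """\
name: deploy
on: pull_request
jobs:
  plan:
    uses: kartverket/github-workflows/.github/workflows/run-terraform.yml@v2.7.4
  apply:
    uses: kartverket/github-workflows/.github/workflows/run-terraform.yml@v2.7.5
  legacy:
    uses: kartverket/github-workflows/.github/workflows/run-terraform.yml@main
"""

if __name__ == "__main__":
    for line_no, ref, verdict in audit_workflow(SAMPLE):
        print(f"line {line_no}: @{ref} -> {verdict}")
```

An `unknown` verdict means the ref has to be resolved to a release by hand before the caller can be considered patched.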