
Lowericcornelissen

#26688 of 53,639
9.6 Total CVSS
Vulnerabilities · 1
PT-2020-14330
9.6
2020-10-26
Github · Git-Tag-Annotation-Action · CVE-2020-15272
**Name of the Vulnerable Software and Affected Versions**

git-tag-annotation-action versions prior to 1.0.1

**Description**

The issue allows an attacker to execute arbitrary shell commands if they can control the value of the `tag` input or alter the `GITHUB_REF` environment variable. However, the `GITHUB_REF` environment variable is protected by the GitHub Actions environment, making attacks from this vector unlikely. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited.

**Recommendations**

For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. If updating to version 1.0.1 or later is not possible, and the `tag` input must be used, ensure that its value is not controlled by another Action.