Fish Shop · Syntax-Check · CVE-2024-42482
**Name of the Vulnerable Software and Affected Versions**
fish-shop/syntax-check versions prior to v1.6.12
fish-shop/syntax-check versions prior to v2.0.0
**Description**
The action does not properly neutralize delimiters in the `pattern` input, specifically the command separator `;` and the command substitution characters `(` and `)`. Modifying the input value used in a workflow therefore allows arbitrary command injection, potentially exposing or exfiltrating sensitive information from the workflow runner.
**Recommendations**
For versions prior to v1.6.12, update to version v1.6.12 or the latest release version v2.0.0.
For versions prior to v2.0.0, update to version v2.0.0.
As a temporary workaround, consider careful control of workflows and the `pattern` input value used by this action to minimize the risk of exploitation.
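
The following audit script is an added example, not code from this advisory or from the fish-shop project. It scans workflow text for `fish-shop/syntax-check` steps, classifies the pinned ref against the fixed versions, and reports which of the delimiters named in the description appear in a literal `pattern` value. The sample workflow is constructed, the `with:`/`pattern:` layout is assumed to follow standard GitHub Actions step syntax, and treating floating tags, branches or commit SHAs as "unknown" is an assumption of this example.

```python
import re

# Delimiters the advisory names as not neutralized in `pattern`.
DELIMITERS = (";", "(", ")")
FIXED = (1, 6, 12)  # assumption: a full vX.Y.Z tag at or above this is patched
USES_RE = re.compile(r"uses:\s*fish-shop/syntax-check@(\S+)")
PATTERN_RE = re.compile(r"^\s*pattern:\s*(.*)$")
VERSION_RE = re.compile(r"^v(\d+)\.(\d+)\.(\d+)$")

# Constructed sample workflow, not taken from any real repository.
SAMPLE = """\
steps:
  - name: Syntax check
    uses: fish-shop/syntax-check@v1.6.11
    with:
      pattern: 'conf.d/*.fish; functions/(old)/*.fish'
  - uses: fish-shop/syntax-check@v2.0.0
    with:
      pattern: '**.fish'
  - uses: fish-shop/syntax-check@v1
"""

def version_status(ref):
    """Classify an action ref as 'patched', 'affected' or 'unknown'."""
    m = VERSION_RE.match(ref)
    if not m:
        return "unknown"  # floating tag, branch or SHA: review by hand
    return "patched" if tuple(map(int, m.groups())) >= FIXED else "affected"

def audit_workflow(text):
    """Return one finding per fish-shop/syntax-check step in a workflow."""
    findings, current = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        uses = USES_RE.search(line)
        pat = PATTERN_RE.match(line)
        if uses:
            current = {"line": lineno, "ref": uses.group(1),
                       "status": version_status(uses.group(1)), "delimiters": []}
            findings.append(current)
        elif re.match(r"\s*-\s", line):
            current = None  # another step begins; stop attributing inputs
        elif current is not None and pat:
            value = pat.group(1).strip().strip("'\"")
            current["delimiters"] = [d for d in DELIMITERS if d in value]
    return findings

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE):
        print(finding)
```

A step reported as `affected` or `unknown`, or one with a non-empty `delimiters` list, is a candidate for the update or the workaround described above.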