GitHub · OZI Action · CVE-2025-47271
**Name of the Vulnerable Software and Affected Versions**
OZI action versions 1.13.2 through 1.13.5
**Description**
The OZI action, a GitHub Action for publishing releases to PyPI, has a flaw in which potentially untrusted data flows into its pull-request creation logic. An attacker who can choose a branch name can therefore craft one that injects arbitrary code.
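The description names the pattern (an untrusted branch name reaching pull-request creation logic) without showing how a workflow step should handle such a value. The following shell example is added here for illustration and is not OZI's code; it assumes the step receives the branch name through an environment variable (set in the workflow as `env: BRANCH_NAME: ${{ github.head_ref }}`) rather than by interpolating the `${{ }}` expression into the `run:` script text, and the function names `validate_branch_name` and `pr_title_for` are hypothetical. It shows the two defensive controls: treating the name strictly as data (quoted, never re-parsed by the shell) and rejecting names that fall outside a conservative allowlist of ref characters.

```shell
#!/bin/sh
# Added example, not OZI's code. Assumption: the workflow passes the branch
# name in as data, e.g.
#   env:
#     BRANCH_NAME: ${{ github.head_ref }}
# so the shell sees it only as "$BRANCH_NAME". Interpolating ${{ }} directly
# into the run: script would let GitHub expand it into the script text before
# the shell parses it, which is the injection path the advisory describes.

# Conservative allowlist for a simple git ref name: letters, digits, '.', '_',
# '/', '-'. Also reject empty names, names starting with '-' (would parse as an
# option), '..' sequences, leading/trailing '/', and a '.lock' suffix.
validate_branch_name() {
  case "$1" in
    ''|*[!A-Za-z0-9._/-]*|-*|*..*|*/|/*|*.lock) return 1 ;;
  esac
  return 0
}

# Build the PR title purely as data: the name is validated, then substituted
# through printf's %s so it is never re-parsed as shell syntax.
pr_title_for() {
  validate_branch_name "$1" || return 1
  printf 'Release from branch %s' "$1"
}

# Stand-alone demo over constructed sample names (including ones carrying
# shell metacharacters, which are rejected, not executed).
main() {
  for name in 'release/1.13.6' 'fix-typo' 'feat$(echo injected)' 'a;b' '-x'; do
    if title=$(pr_title_for "$name"); then
      echo "accepted: $title"
    else
      echo "rejected: $name"
    fi
  done
}

main "$@"
```

In a real workflow the same validation belongs at the point where the value first enters the step, and the `env:` indirection is what keeps GitHub's expression expansion from rewriting the script itself; the allowlist is deliberately stricter than git's full ref-name rules so that anything surprising fails closed.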
**Recommendations**
For versions 1.13.2 through 1.13.5, update to version 1.13.6 to resolve the issue.
As a temporary workaround for versions 1.13.2 through 1.13.5, consider downgrading to a version prior to 1.13.2.