Satishkumar620

**Name of the Vulnerable Software and Affected Versions** OWASP BLT versions prior to 2.1.2 **Description** OWASP BLT is a QA testing and vulnerability disclosure platform. The file `.github/workflows/pre-commit-fix.yaml` uses the `pull request target` privileged trigger but checks out and executes code directly from a fork. This allows for remote code execution (RCE) with write permissions. **Recommendations** Update to version 2.1.2.