Williammartin

**Name of the Vulnerable Software and Affected Versions** gh versions 1.6.0 through 2.91.x **Description** GitHub CLI allows terminal escape sequence injection when users view GitHub Actions workflow logs. The issue occurs because the 'gh run view --log' and 'gh run view --log-failed' commands stream workflow log lines to stdout or a configured pager without sanitizing terminal control sequences. An attacker capable of influencing log content, such as through a pull request triggered workflow, can embed escape sequences. Depending on the terminal emulator used by the victim, these sequences could change the window title, manipulate on-screen content, or potentially execute arbitrary commands in certain emulators like screen. **Recommendations** Update to version 2.92.0.