PT-2020-13920 · Atlassian · Gajira-Create GitHub Action

Jarlob · Published 2020-11-09 · Updated 2022-10-07 · CVE-2020-14188

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Atlassian gajira-create GitHub Action versions prior to 2.0.1

Description

The issue allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue. The flaw is in the preprocessArgs function.

Recommendations

Update versions prior to 2.0.1 to version 2.0.1 to resolve the issue. As a temporary workaround, consider restricting the creation of GitHub issues to minimize the risk of exploitation.


Related Identifiers

CVE-2020-14188
GHSA-4XQX-PQPJ-9FQW

Affected Products

Gajira-Create GitHub Action