An attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses ${{vars.*}} or ${{inputs.*}} substitutions in working-directory. The field is embedded into shell scripts without proper quote escaping.

Fix: Fixed with e51ca30c, Released.

melange thanks Oleh Konko from 1seal for discovering and reporting this issue.