VDB

GCVE-110-CLOUD-2022-0009

GCVE-110-CLOUD-2022-0009
Advisory Published
Vulnetix · Advisory published October 24, 2022
A vulnerability in the GitHub Actions Runner allowed untrusted inputs in environment variables to escape and modify docker command invocations. This affected jobs using container actions, job containers, or service containers. The issue has been patched in multiple versions of the runner.

Affected Products

VendorProductVersionsPlatforms
GitHubGitHub Actions
GitHubCloud Services

Browse GCVE Records

73,834 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›