VDB

GCVE-110-CLOUD-2022-0018

GCVE-110-CLOUD-2022-0018
Advisory Published
Vulnetix · Advisory published August 12, 2022
The @actions/core package had a delimiter injection vulnerability in the exportVariable function. Attackers could use a known delimiter to break out of a specific variable and assign values to other arbitrary variables. This may have allowed modification of path or environment variables without the intention of workflow or action authors.

Affected Products

VendorProductVersionsPlatforms
GitHubGitHub Actions

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›