Espressif Shared GitHub DangerJS: Untrusted Search Path in DangerJS Action...

8.2 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

Description

Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary resolution and Node.js module resolution. A fork pull request processed by a pull_request_target workflow could therefore cause fork-supplied code to execute inside the action container in place of the action's own code. This vulnerability is fixed in 1.0.1.

Basic Information

ID CVE-2026-44358

Source GitHub_M

Published May 28, 2026 at 14:28

Affected Product

Vendor espressif

Product shared-github-dangerjs

Version < 1.0.1

Affected Versions espressif shared-github-dangerjs < 1.0.1

CWE Classification

CWE-427 CWE-829

References

{
    "lastseen": "",
    "description": "Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary resolution and Node.js module resolution. A fork pull request processed by a pull_request_target workflow could therefore cause fork-supplied code to execute inside the action container in place of the action's own code. This vulnerability is fixed in 1.0.1.",
    "published": "2026-05-28T14:28:43.310Z",
    "modified": "2026-05-28T14:28:43.310Z",
    "type": "cve",
    "title": "Espressif Shared GitHub DangerJS: Untrusted Search Path in DangerJS Action Entrypoint",
    "source": "GitHub_M",
    "references": "https://github.com/espressif/shared-github-dangerjs/security/advisories/GHSA-wm3p-pv54-6w73\nhttps://github.com/espressif/shared-github-dangerjs/commit/d742408028135ea200982b5b2e3e438dc4e5a25d",
    "id": "CVE-2026-44358",
    "bulletinFamily": "",
    "cwe": [
        "CWE-427",
        "CWE-829"
    ],
    "cvelist": null,
    "sourceData": "espressif shared-github-dangerjs < 1.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "shared-github-dangerjs",
    "version": "< 1.0.1",
    "vendor": "espressif",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Espressif Shared GitHub DangerJS: Untrusted Search Path in DangerJS Action Entrypoint_CVE-2026-44358