{"id":9001,"date":"2025-07-25T23:44:56","date_gmt":"2025-07-25T23:44:56","guid":{"rendered":"http:\/\/localhost\/?p=9001"},"modified":"2025-07-25T23:44:56","modified_gmt":"2025-07-25T23:44:56","slug":"tj-actionsbranch-names-contains-command-injection-vulnerability","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9001","title":{"rendered":"tj-actions\/branch-names Contains Command Injection Vulnerability"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\ntj-actions\/branch-names Contains Command Injection Vulnerability<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-26T03:34:31.288Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-26T03:34:31.288Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\ntj-actions<\/td>\n<\/tr>\n
Product<\/th>\nbranch-names<\/td>\n<\/tr>\n
Version<\/th>\n< 9.0.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n9.1 (CRITICAL)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:L\/A:L<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA critical command injection vulnerability in tj-actions\/branch-names GitHub Action allows arbitrary command execution in downstream workflows due to improper input sanitization. This issue is fixed in version 9.0.0.<\/td>\n<\/tr>\n
AI Severity<\/th>\nCritical<\/td>\n<\/tr>\n
AI Vendor<\/th>\ntj-actions<\/td>\n<\/tr>\n
AI Product<\/th>\ntj-actions\/branch-names<\/td>\n<\/tr>\n
AI Version<\/th>\nversions below 9.0.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n