
Use of Actions with known vulnerabilities

ID: actions/vulnerable-action
Kind: problem
Security severity: 7.5
Severity: error
Precision: high
Tags:
   - actions
   - security
   - external/cwe/cwe-1395
Query suites:
   - actions-code-scanning.qls
   - actions-security-extended.qls
   - actions-security-and-quality.qls

Description

GitHub Actions workflows that use Actions with known vulnerabilities can compromise the security of the workflow and the repository.

Recommendations

Either remove the component from the workflow or upgrade it to a version that is not vulnerable.
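
An added example (not the CodeQL query and not part of the original page) of checking a workflow's `uses:` references against a list of vulnerable version ranges. The advisory entry, action names and workflow text are constructed placeholders, and the `review` verdict for floating tags, branches and commit SHAs is this sketch's own policy.

```python
import re

# Constructed advisory table (placeholder action, not a real advisory):
# "owner/repo" -> (first vulnerable version, first patched version)
ADVISORIES = {"example-org/example-action": ((1, 0, 0), (2, 3, 1))}

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^@\s'\"]+)@([^\s'\"#]+)")
VERSION_RE = re.compile(r"v?(\d{1,6})(?:\.(\d{1,6}))?(?:\.(\d{1,6}))?")

# Constructed sample workflow.
WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/example-action@v2.3.0
      - uses: example-org/example-action/sub@v2
      - uses: example-org/example-action@v2.3.1
      - uses: other-org/unlisted-action@v1
"""

def classify(action, ref):
    """Return 'ok', 'vulnerable' or 'review' for one owner/repo@ref."""
    adv = ADVISORIES.get(action.lower())
    if adv is None:
        return "ok"
    introduced, patched = adv
    m = VERSION_RE.fullmatch(ref)
    if m is None:
        return "review"  # branch or commit SHA: no version to compare
    parts = [int(p) if p else None for p in m.groups()]
    # A partial tag such as v2 floats over a range of releases.
    low = tuple(0 if p is None else p for p in parts)
    high = tuple(float("inf") if p is None else p for p in parts)
    if low >= patched or high < introduced:
        return "ok"
    if low >= introduced and high < patched:
        return "vulnerable"
    return "review"  # range straddles the patched release

def scan(workflow_text):
    """List (line, action, ref, verdict) for every reference that is not ok."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m or m.group(1).startswith(("docker://", "./")):
            continue
        action = "/".join(m.group(1).split("/")[:2])  # drop sub-path
        verdict = classify(action, m.group(2))
        if verdict != "ok":
            findings.append((lineno, action, m.group(2), verdict))
    return findings
```
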
