July 26, 2023

GHSL-2023-109: GitHub Actions command injection in a TDesign Vue Next workflow

Jorge Rosillo

Coordinated Disclosure Timeline


TDesign Vue Next repository is vulnerable to an Actions command injection in auto-release.yml.


TDesign Vue Next

Tested Version

🌈 1.3.2


Actions command injection in auto-release.yml (GHSL-2023-109)

The auto-release.yml workflow is triggered on issue_comment (i.e., when a comment inside an Issue or Pull Request is created or updated). The workflow starts with a GitHub repository token that has full write permissions, since the default workflow permissions at the Organization/Repository level are set to read-write.

Taking the above into account, this workflow runs the following step with data controlled by said comment (${{ github.event.comment.body }} – the full contents of the comment), allowing an attacker to take over the GitHub Runner to run custom commands and alter the repository.

- name: Commit and push if needed
  run: |
    body='${{ github.event.comment.body }}'
    echo "${txt%%##*}${body}${txt##*---}" >
    git add .
    git config --local "github-actions[bot]"
    git config --local "github-actions[bot]"
    git commit -m "chore: changelog's changes"
    git push
    echo "💾 pushed changelog's changes"
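As an added illustration (not part of the GHSL advisory or the TDesign project's workflow), the following shell script contrasts the vulnerable pattern with the standard mitigation of passing event data through an `env:` entry and writing it as a quoted variable, and includes a small audit that flags `run:` steps interpolating `github.event.*` or `github.head_ref` directly into the script. The two sample steps, the `COMMENT_BODY` variable name and the `CHANGELOG.md` target path are constructed assumptions.

```sh
#!/bin/sh
# Added example, not code from the advisory or the TDesign repository.

# Constructed sample: the unsafe shape, where the comment body is expanded
# by the Actions template engine before the shell ever sees the script, so
# a quote in the comment terminates the string and the rest runs as commands.
vulnerable_step() {
cat <<'EOF'
- name: Commit and push if needed
  run: |
    body='${{ github.event.comment.body }}'
    echo "${body}" > CHANGELOG.md
EOF
}

# Constructed sample: the mitigated shape. The expression is expanded into
# an environment variable, and the script only ever references "$COMMENT_BODY",
# which the shell treats as data regardless of its contents.
hardened_step() {
cat <<'EOF'
- name: Commit and push if needed
  env:
    COMMENT_BODY: ${{ github.event.comment.body }}
  run: |
    printf '%s\n' "$COMMENT_BODY" > CHANGELOG.md
EOF
}

# Audit: read a workflow on stdin, report each line inside a run: block that
# expands attacker-influenced event data, and print the number of findings.
audit_workflow() {
  awk '
    function indent(s) { match(s, /^ */); return RLENGTH }
    # a "run:" key opens a script block; remember its indentation
    /^ *-? *run:/ { inrun = 1; base = indent($0); next }
    # the block ends at the first line not indented deeper than the key
    inrun && indent($0) <= base { inrun = 0 }
    # an expression expanding event data inside the script is unsafe
    inrun && (index($0, "${{ github.event.") > 0 || index($0, "${{ github.head_ref") > 0) {
      hits++
      printf "unsafe interpolation at line %d: %s\n", NR, $0 > "/dev/stderr"
    }
    END { print hits + 0 }
  '
}

# Behaviour of the hardened step in isolation: the body (taken from the
# COMMENT_BODY environment variable) reaches the target file verbatim and
# is never parsed as shell. $1 is the file to write.
write_changelog_entry() {
  printf '%s\n' "$COMMENT_BODY" > "$1"
}

# Stand-alone demo: audit both constructed steps.
printf 'vulnerable step: %s unsafe line(s)\n' "$(vulnerable_step | audit_workflow)"
printf 'hardened step:   %s unsafe line(s)\n' "$(hardened_step | audit_workflow)"
```

The audit is deliberately narrow (it only looks at `run:` blocks and two context prefixes); it is a quick first pass over a repository's `.github/workflows` directory, not a substitute for a full review of which contexts each trigger exposes.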

Proof of Concept

  1. Open a Pull Request against tencent/tdesign-vue-next.
  2. Comment the following in the created PR: ## 🌈 '; echo "hello"
  3. Check the workflow runs for the new Actions run that will execute the command echo "hello".


This issue may lead to stealing workflow secrets and modification of the repository.



This issue was discovered and reported by GHSL team member @jorgectf (Jorge Rosillo).


You can contact the GHSL team at, please include a reference to GHSL-2023-109 in any communication regarding this issue.