📦 GitHub Actions

GHSA-6p2j-742g-835f

MEDIUM

actions-mkdocs: Command Injection via issue title in internal GitHub Actions workflow

Published: Apr 4, 2026
Updated: Apr 4, 2026
Affected: 1 pkg
Patched: 1 / 1
Exploits: None indexed

Blast Radius

1 pkg affected
📦Tiryoh/actions-mkdocs


Description

Summary

External input from github.event.issue.title is used unsafely in a shell command in .github/workflows/release-candidate.yaml, allowing command injection during workflow execution.

Details

In .github/workflows/release-candidate.yaml, the issue title is interpolated directly into a shell command:

export VERSION=$(echo ${{ github.event.issue.title }} | sed -E 's/Release v?([0-9\.]*)/\1/g')

Because the issue title is attacker-controlled and is embedded directly into a shell command, shell metacharacters such as command substitution ($()) and command separators (;) can be interpreted by the shell.

Although the workflow checks that the title starts with "Release ", this condition is still satisfied by a maliciously crafted title, since the check constrains only the prefix and not what follows it.

PoC

  1. Create or edit an issue with the following title:

    Release v1.2.3 $(whoami)
    
  2. Trigger the workflow that processes the issue.

  3. Observe that the injected command is executed on the runner.

The workflow logs show that $(whoami) is evaluated and its output (runner) appears in the command result, confirming that attacker-controlled input is executed within the shell.

[Screenshot 2026-03-27 8:33:43 PM: workflow log showing the $(whoami) output in the command result]
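An added example, not code from the advisory or from the actions-mkdocs project: it simulates how the interpolated title is executed as part of the command text, and beside it shows a hardened extractor that receives the title as data (via `env:`) and allow-lists it before use. The function names `unsafe_version` and `extract_version` and the `INJECTED` marker are assumptions.

```shell
#!/bin/sh
# Added example: vulnerable interpolation simulated beside a hardened form.
# In the workflow the hardened form would look like (assumed layout):
#   env:
#     ISSUE_TITLE: ${{ github.event.issue.title }}
#   run: VERSION=$(./extract_version.sh "$ISSUE_TITLE")
# so the title reaches the shell as an environment value, never as script text.

# Simulation of the vulnerable pattern: GitHub substitutes the expression
# into the step's script *before* the shell parses it, which is exactly
# what `eval` reproduces here.  A benign marker stands in for a real command.
unsafe_version() {
    eval "echo $1 | sed -E 's/Release v?([0-9\.]*)/\1/g'"
}

# Hardened extractor: the title is only ever data.  It must be exactly
# "Release " followed by an optional "v" and a dotted number; anything
# else (spaces, $(, ;, newlines, letters) is rejected with status 1.
extract_version() {
    title=$1
    rest=${title#"Release "}             # strip the required prefix
    [ "$rest" != "$title" ] || return 1  # prefix was missing
    rest=${rest#v}                       # optional leading "v"
    case "$rest" in
        ''|*[!0-9.]*) return 1 ;;        # only digits and dots may remain
    esac
    printf '%s\n' "$rest"
}

# Stand-alone demonstration (constructed inputs).
if [ "${1:-}" = "--demo" ]; then
    echo "unsafe:  $(unsafe_version 'Release v1.2.3 $(echo INJECTED)')"
    extract_version 'Release v1.2.3 $(echo INJECTED)' || echo "safe:    rejected"
    echo "safe:    $(extract_version 'Release v1.2.3')"
fi
```

With the marker title, `unsafe_version` yields `1.2.3 INJECTED` (the substitution ran), while `extract_version` refuses it and returns 1.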

Impact

This vulnerability allows command injection in the GitHub Actions runner through attacker-controlled issue titles. An attacker may be able to execute arbitrary commands within the context of the affected workflow job.

Depending on the workflow configuration (such as permissions and available secrets), successful exploitation could lead to:

  • Unauthorized command execution in the CI environment
  • Misuse of the GITHUB_TOKEN
  • Modification of repository state, release artifacts, or other workflow outputs

If the repository is public and allows untrusted users to create or reopen issues that trigger the workflow, this may be exploitable by external users.

This issue is limited to the repository's internal workflow configuration and does not directly affect downstream users of the published actions-mkdocs GitHub Action.

Affected Packages

1 total, 1 fixed

| Ecosystem      | Package               | Vulnerable range | Fix    |
|----------------|-----------------------|------------------|--------|
| GitHub Actions | Tiryoh/actions-mkdocs | all versions     | 0.25.0 |

Detection & mitigation playbook

Open-source dependency
  1. Detect

    Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for Tiryoh/actions-mkdocs. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

  2. Fix

    Update Tiryoh/actions-mkdocs to 0.25.0 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-6p2j-742g-835f is resolved across your whole dependency graph.

  3. Workarounds

    If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

  4. How O3 protects you

    O3 pinpoints whether GHSA-6p2j-742g-835f is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-6p2j-742g-835f. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
