{"id":"GHSA-r4fj-r33x-8v88","summary":"wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`","details":"#### Summary\n\nA GitHub Actions workflow uses untrusted user input from `issue_comment.body` directly inside a shell command, allowing potential command injection and arbitrary code execution on the runner.\n\n#### Details\n\nThe workflow is triggered by `issue_comment`, which can be controlled by external users.\nIn the following step:\n\n```bash\necho identifiers=$(echo \"${{ github.event.comment.body }}\" | grep -oE '@njzjz-bot .*' | head -n1 | cut -c12- | xargs) \u003e\u003e $GITHUB_OUTPUT\n```\n\nthe value of `github.event.comment.body` is directly interpolated into a shell command inside `run:`.\n\nSince GitHub Actions evaluates `${{ }}` before execution, attacker-controlled input is injected into the shell context without sanitization. This creates a command injection risk.\n\nAdditionally, the extracted value is later reused in another step that constructs output using backticks:\n\n```bash\necho '@${{ github.event.comment.user.login }} Here is the BibTeX entry for `${{ steps.extract-identifiers.outputs.identifiers }}`:'\n```\n\nwhich may further propagate unsafe content.\n\n#### PoC\n\n1. Go to an issue in the repository\n2. Post a comment such as:\n\n`@njzjz-bot paper123\" ) ; whoami ; #`\n\n3. Observe whether the command is executed or reflected in logs/output\n\n\u003cimg width=\"658\" height=\"203\" alt=\"poc\" src=\"https://github.com/user-attachments/assets/084ac264-8cb9-4721-8279-26a1da9b891f\" /\u003e\n\nThe injected payload successfully breaks out of the quoted context and executes arbitrary shell commands.\n\nAs shown in the workflow logs, the injected `whoami` command is executed, and the output (`runner`) is printed. This confirms that attacker-controlled input from `github.event.comment.body` is interpreted as shell commands.\n\nThis demonstrates a clear command injection vulnerability in the workflow.\n\n#### Impact\n\n* Remote attackers can inject arbitrary shell commands via issue comments\n* Potential impacts:\n\n  * Execution of arbitrary commands in GitHub Actions runner\n  * Access to `GITHUB_TOKEN`\n  * Exfiltration of repository data\n  * CI/CD pipeline compromise\n\nThis issue affects all current versions of the repository as the vulnerable workflow is present in the main branch.\n\n#### Suggested Fix\n\nAvoid directly interpolating untrusted user input into shell commands.\n\nInstead, pass `github.event.comment.body` through an environment variable and reference it safely within the script:\n\n```yaml\n- name: Extract identifiers\n  id: extract-identifiers\n  env:\n    COMMENT_BODY: ${{ github.event.comment.body }}\n  run: |\n    identifiers=$(echo \"$COMMENT_BODY\" | grep -oE '@njzjz-bot .*' | head -n1 | cut -c12- | xargs)\n    echo \"identifiers=$identifiers\" \u003e\u003e $GITHUB_OUTPUT\n```","aliases":["CVE-2026-34243"],"modified":"2026-03-31T19:04:50.415845Z","published":"2026-03-29T15:39:56Z","database_specific":{"github_reviewed_at":"2026-03-29T15:39:56Z","cwe_ids":["CWE-20","CWE-77","CWE-78"],"severity":"CRITICAL","github_reviewed":true,"nvd_published_at":"2026-03-31T16:16:33Z"},"references":[{"type":"WEB","url":"https://github.com/njzjz/wenxian/security/advisories/GHSA-r4fj-r33x-8v88"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34243"},{"type":"PACKAGE","url":"https://github.com/njzjz/wenxian"}],"affected":[{"package":{"name":"njzjz/wenxian","ecosystem":"GitHub Actions"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"0.3.1"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-r4fj-r33x-8v88/GHSA-r4fj-r33x-8v88.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}