all InfoSec News
Compromising ByteDance’s RSPack using GitHub Actions Vulnerabilities
Blog - Praetorian www.praetorian.com
Overview Recently, we identified several critical Pwn Request vulnerabilities within GitHub Actions used by the Rspack repository. These vulnerabilities could allow an external attacker to submit a malicious pull request, without the requirement of being a prior contributor to the repository, and compromise the following secrets: NPM Deployment Token Compromise: Exploitation of the Pwn Request […]
The post Compromising ByteDance’s RSPack using GitHub Actions Vulnerabilities appeared first on Praetorian.
actions attacker bytedance bytedance rspack compromise critical deployment exploitation external github github actions malicious npm pwn request repository request secrets token vulnerabilities vulnerability research