GHSA-C3XH-98XP-6QHF

Vulnerability from github – Published: 2026-06-19 22:10 – Updated: 2026-06-19 22:10
VLAI
Summary
githubtoplanguages: Command Injection via Issue Title in Discord Notification Workflow
Details

Summary

A GitHub Actions workflow is vulnerable to command injection through the issue title.

The workflow is triggered when an issue is opened or closed, and it directly inserts github.event.issue.title into a Bash variable assignment. If an issue title contains command substitution syntax, Bash evaluates it during the workflow run.

Details

The vulnerable workflow is:

.github/workflows/discord-issue.yml

The issue title is directly interpolated into a Bash script:

ISSUE_TITLE="${{ github.event.issue.title || github.event.pull_request.title }}"

Because GitHub Actions expressions are expanded before Bash executes the script, an attacker-controlled issue title containing command substitution syntax can be evaluated by the shell.

In the original workflow, the resulting value is then included in a Discord notification payload:

curl -H "Content-Type: application/json" \
  -X POST \
  -d "{\"username\": \"GitHub Bot\", \"content\": \"${STATUS} created by **${AUTHOR}**: **${ISSUE_TITLE}**\n🔗 ${ISSUE_URL}\"}" \
  "$DISCORD_WEBHOOK"

PoC

For safety, I reproduced this only in my fork. I did not trigger the original repository’s Discord webhook.

I kept the vulnerable Bash assignment unchanged and replaced the Discord webhook request with echo statements to observe the result safely.

Test issue title:

title: $(whoami)

Observed workflow log:

ISSUE_TITLE=title: runner

This confirms that $(whoami) was executed on the GitHub Actions runner before the value would be sent to Discord.

Impact

Any user who can open an issue may be able to execute shell commands on the GitHub Actions runner.

In practice, this means an attacker could create an issue with a crafted title, cause the workflow to execute a shell command, and have the command output included in the Discord notification content. This can be used to manipulate Discord notifications, spoof trusted GitHub bot messages, or repeatedly trigger unwanted notifications.

More importantly, the command runs in a workflow environment where a Discord webhook secret is configured. Depending on repository settings and workflow permissions, this may put workflow secrets or other environment data at risk.

Suggested Fix

Do not insert issue titles directly into Bash scripts.

Pass the title through an environment variable instead:

env:
  ISSUE_TITLE: ${{ github.event.issue.title }}
run: |
  issue_title="$ISSUE_TITLE"

Also avoid eval, unquoted variable expansion, or shell execution patterns involving user-controlled issue content.

Severity
7.1 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "GitHub Actions",
        "name": "gouef/githubtoplanguages"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-19T22:10:31Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\n\nA GitHub Actions workflow is vulnerable to command injection through the issue title.\n\nThe workflow is triggered when an issue is opened or closed, and it directly inserts `github.event.issue.title` into a Bash variable assignment. If an issue title contains command substitution syntax, Bash evaluates it during the workflow run.\n\n\n### Details\n\nThe vulnerable workflow is:\n\n`.github/workflows/discord-issue.yml`\n\nThe issue title is directly interpolated into a Bash script:\n\n```bash\nISSUE_TITLE=\"${{ github.event.issue.title || github.event.pull_request.title }}\"\n```\n\nBecause GitHub Actions expressions are expanded before Bash executes the script, an attacker-controlled issue title containing command substitution syntax can be evaluated by the shell.\n\nIn the original workflow, the resulting value is then included in a Discord notification payload:\n\n```bash\ncurl -H \"Content-Type: application/json\" \\\n  -X POST \\\n  -d \"{\\\"username\\\": \\\"GitHub Bot\\\", \\\"content\\\": \\\"${STATUS} created by **${AUTHOR}**: **${ISSUE_TITLE}**\\n\ud83d\udd17 ${ISSUE_URL}\\\"}\" \\\n  \"$DISCORD_WEBHOOK\"\n```\n\n### PoC\n\nFor safety, I reproduced this only in my fork. I did not trigger the original repository\u2019s Discord webhook.\n\nI kept the vulnerable Bash assignment unchanged and replaced the Discord webhook request with `echo` statements to observe the result safely.\n\nTest issue title:\n\n```text\ntitle: $(whoami)\n```\n\nObserved workflow log:\n\n```text\nISSUE_TITLE=title: runner\n```\n\nThis confirms that `$(whoami)` was executed on the GitHub Actions runner before the value would be sent to Discord.\n\n### Impact\n\nAny user who can open an issue may be able to execute shell commands on the GitHub Actions runner.\n\nIn practice, this means an attacker could create an issue with a crafted title, cause the workflow to execute a shell command, and have the command output included in the Discord notification content. This can be used to manipulate Discord notifications, spoof trusted GitHub bot messages, or repeatedly trigger unwanted notifications.\n\nMore importantly, the command runs in a workflow environment where a Discord webhook secret is configured. Depending on repository settings and workflow permissions, this may put workflow secrets or other environment data at risk.\n\n### Suggested Fix\n\nDo not insert issue titles directly into Bash scripts.\n\nPass the title through an environment variable instead:\n\n```yaml\nenv:\n  ISSUE_TITLE: ${{ github.event.issue.title }}\nrun: |\n  issue_title=\"$ISSUE_TITLE\"\n```\n\nAlso avoid `eval`, unquoted variable expansion, or shell execution patterns involving user-controlled issue content.",
  "id": "GHSA-c3xh-98xp-6qhf",
  "modified": "2026-06-19T22:10:31Z",
  "published": "2026-06-19T22:10:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/gouef/githubtoplanguages/security/advisories/GHSA-c3xh-98xp-6qhf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gouef/githubtoplanguages/commit/157840482e592bd4f8e0617539e73cdbef26f1ac"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/gouef/githubtoplanguages"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "githubtoplanguages: Command Injection via Issue Title in Discord Notification Workflow"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.