Use of a known vulnerable action¶

ID: actions/vulnerable-action
Kind: problem
Security severity: 7.5
Severity: error
Precision: high
Tags:
   - actions
   - security
   - external/cwe/cwe-1395
Query suites:
   - actions-code-scanning.qls
   - actions-security-extended.qls
   - actions-security-and-quality.qls

Click to see the query in the CodeQL repository

Overview¶

The security of the workflow and the repository could be compromised by GitHub Actions workflows that utilize GitHub Actions with known vulnerabilities.

Recommendation¶

Either remove the component from the workflow or upgrade it to a version that is not vulnerable.

References¶

GitHub Docs: Keeping your actions up to date with Dependabot.

© GitHub, Inc.
Terms
Privacy