Summary
A GitHub Actions workflow uses untrusted user input from issue_comment.body directly inside a shell command, allowing potential command injection and arbitrary code execution on the runner.
Details
The workflow is triggered by issue_comment, which can be controlled by external users.
In the following step:
echo identifiers=$(echo "${{ github.event.comment.body }}" | grep -oE '@njzjz-bot .*' | head -n1 | cut -c12- | xargs) >> $GITHUB_OUTPUTthe value of github.event.comment.body is directly interpolated into a shell command inside run:.
Since GitHub Actions evaluates ${{ }} before execution, attacker-controlled input is injected into the shell context without sanitization. This creates a command injection risk.
Additionally, the extracted value is later reused in another step that constructs output using backticks:
echo '@${{ github.event.comment.user.login }} Here is the BibTeX entry for `${{ steps.extract-identifiers.outputs.identifiers }}`:'which may further propagate unsafe content.
PoC
- Go to an issue in the repository
- Post a comment such as:
@njzjz-bot paper123" ) ; whoami ; #
- Observe whether the command is executed or reflected in logs/output
The injected payload successfully breaks out of the quoted context and executes arbitrary shell commands.
As shown in the workflow logs, the injected whoami command is executed, and the output (runner) is printed. This confirms that attacker-controlled input from github.event.comment.body is interpreted as shell commands.
This demonstrates a clear command injection vulnerability in the workflow.
Impact
This issue affects all current versions of the repository as the vulnerable workflow is present in the main branch.
Suggested Fix
Avoid directly interpolating untrusted user input into shell commands.
Instead, pass github.event.comment.body through an environment variable and reference it safely within the script:
- name: Extract identifiers
id: extract-identifiers
env:
COMMENT_BODY: ${{ github.event.comment.body }}
run: |
identifiers=$(echo "$COMMENT_BODY" | grep -oE '@njzjz-bot .*' | head -n1 | cut -c12- | xargs)
echo "identifiers=$identifiers" >> $GITHUB_OUTPUT
### References
- https://github.com/njzjz/wenxian/security/advisories/GHSA-r4fj-r33x-8v88
- https://nvd.nist.gov/vuln/detail/CVE-2026-34243
choseogyeong Reporter
Summary
A GitHub Actions workflow uses untrusted user input from
issue_comment.bodydirectly inside a shell command, allowing potential command injection and arbitrary code execution on the runner.Details
The workflow is triggered by
issue_comment, which can be controlled by external users.In the following step:
the value of
github.event.comment.bodyis directly interpolated into a shell command insiderun:.Since GitHub Actions evaluates
${{ }}before execution, attacker-controlled input is injected into the shell context without sanitization. This creates a command injection risk.Additionally, the extracted value is later reused in another step that constructs output using backticks:
which may further propagate unsafe content.
PoC
@njzjz-bot paper123" ) ; whoami ; #The injected payload successfully breaks out of the quoted context and executes arbitrary shell commands.
As shown in the workflow logs, the injected
whoamicommand is executed, and the output (runner) is printed. This confirms that attacker-controlled input fromgithub.event.comment.bodyis interpreted as shell commands.This demonstrates a clear command injection vulnerability in the workflow.
Impact
Remote attackers can inject arbitrary shell commands via issue comments
Potential impacts:
GITHUB_TOKENThis issue affects all current versions of the repository as the vulnerable workflow is present in the main branch.
Suggested Fix
Avoid directly interpolating untrusted user input into shell commands.
Instead, pass
github.event.comment.bodythrough an environment variable and reference it safely within the script: