Google Project Zero to GitHub: You've had 104 days to sort out injection vuln – now we're telling world-plus-dog

Code shack describes issue as 'moderate' security flaw, plans to disable risky commands gradually

Google's bug-hunting Project Zero team has posted details of an injection vulnerability in GitHub Actions after refusing a request to postpone disclosure....