by dboreham 66 days ago
Um ok, but the "setting the name to any string" is not the real problem, which is that an attacker had the ability to write to the repository at all, regardless of the name they choose, no?

As I mentioned below, another mitigation for this kind of supply chain attack is to fork the action repos into your own organization to allow tighter control over their content.