[BUG] Fix GHSL2020-239 [skip ci] #1208

Merged: 1 commit, Nov 26, 2020

@pxLi pxLi commented Nov 26, 2020

Signed-off-by: Peixin Li <pxli@nyu.edu>

Fix for GHSL2020-239, which found that an authorized user could add a bash injection into our workflow with a specific branch name.
The vulnerable step was required by the blossom team, so we just keep it.

Tested on my forked repo.

Signed-off-by: Peixin Li <pxli@nyu.edu>
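The class of bug described above can be checked for in workflow files. The following is an added example, not code from this pull request or from the project: it flags pull-request-controlled `${{ ... }}` expressions that are expanded inside a `run:` script, where the branch name becomes part of the bash text, and accepts the same expression when it is passed through `env:`. The list of contexts and the sample workflow are assumptions constructed for illustration, since the page does not show the affected workflow.

```python
import re

# Contexts a pull request author controls (assumed list for illustration, not exhaustive).
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.head_ref|github\.event\.pull_request\.(?:head\.ref|title|body))\s*\}\}"
)
RUN_KEY = re.compile(r"^\s*(?:-\s+)?run:\s*(.*)$")

# Constructed sample workflow: one step pastes the branch name into the script text,
# the other hands it to the shell as an environment variable.
SAMPLE_WORKFLOW = """\
on: pull_request
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: vulnerable, expression pasted into the script text
        run: |
          echo "building ${{ github.head_ref }}"
      - name: hardened, value passed through the environment
        env:
          HEAD_REF: ${{ github.head_ref }}
        run: |
          echo "building $HEAD_REF"
"""


def find_injectable_runs(workflow_text):
    """Return (line_number, context) for untrusted expressions inside run: scripts."""
    findings = []
    key_col = None  # column of the active run: key, None when outside a script
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        indent = len(line) - len(line.lstrip())
        match = RUN_KEY.match(line)
        if match:
            key_col = line.index("run:")
            script = match.group(1)
        elif key_col is not None and (not line.strip() or indent > key_col):
            script = line  # continuation line of a block scalar
        else:
            key_col = None  # a sibling key such as env: ends the script
            continue
        findings.extend((number, hit.group(1)) for hit in UNTRUSTED.finditer(script))
    return findings


if __name__ == "__main__":
    for number, context in find_injectable_runs(SAMPLE_WORKFLOW):
        print(f"line {number}: {context} is expanded into a shell script")
```
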
pxLi added the bug and build labels on Nov 26, 2020

pxLi commented Nov 26, 2020

build

pxLi merged commit f628504 into NVIDIA:branch-0.3 on Nov 26, 2020
kuhushukla pushed a commit to kuhushukla/spark-rapids that referenced this pull request Nov 30, 2020
Signed-off-by: Peixin Li <pxli@nyu.edu>
nartal1 pushed a commit to nartal1/spark-rapids that referenced this pull request Jun 9, 2021
Signed-off-by: Peixin Li <pxli@nyu.edu>
tgravescs pushed a commit to tgravescs/spark-rapids that referenced this pull request Nov 30, 2023
…p ci] [bot] (NVIDIA#1208)

* Update submodule cudf to ded6122db67ad4676b4d2c1f89f181fa281ba66c

Signed-off-by: spark-rapids automation <70000568+nvauto@users.noreply.github.com>

* Update submodule cudf to c733cc35071805414a26d750805baedab65a35f9

Signed-off-by: spark-rapids automation <70000568+nvauto@users.noreply.github.com>

---------

Signed-off-by: spark-rapids automation <70000568+nvauto@users.noreply.github.com>