Impact
The vulnerability resides in the entry point script of the Espressif Shared GitHub DangerJS action, which, before version 1.0.1, copied a fork’s checkout into the action’s workspace and invoked DangerJS from that location. This created an untrusted search path for both binary and Node.js module resolution, allowing code supplied by a pull request from a fork to be executed in place of the action’s intended code. The result is that an attacker can run arbitrary code inside the container that hosts the CI workflow, compromising the integrity and confidentiality of the build environment. Based on the CWE identifiers, the weakness involves improper validation of an execution path and potential exploitation of elevated privileges.
Affected Systems
Vulnerable instances are GitHub repositories that use the Espressif Shared GitHub DangerJS action at a version older than 1.0.1, particularly those whose workflows invoke it from a pull_request_target trigger to process pull requests from forks. Any project depending on this action, including Espressif’s own GitHub projects, is affected unless it has been updated to the patched release.
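The two conditions above (an unpatched version of the action, and a pull_request_target trigger that exposes the job to fork pull requests) are what a repository owner needs to look for in their workflow files. The following Python scanner is an added example, not part of this advisory or of Espressif's own tooling; it reads workflow text, locates `uses:` lines referencing the action, compares pinned release tags against 1.0.1, and reports whether the workflow also runs on pull_request_target. The `espressif/shared-github-dangerjs` slug is an assumption and should be confirmed against the action's repository; the sample workflows are constructed for the demonstration.

```python
"""Scan GitHub Actions workflow text for unpatched uses of the Espressif Shared
GitHub DangerJS action (< 1.0.1) and report whether the workflow also runs on
pull_request_target. Standard library only; a line-oriented scan, not a full
YAML parser, so unusual YAML layouts may need manual review."""
import re
import sys

# Assumed `uses:` slug for the action (hypothetical; confirm against the
# action's own repository before relying on this check).
DANGERJS_ACTION = "espressif/shared-github-dangerjs"
PATCHED_VERSION = (1, 0, 1)

# Matches "- uses: owner/repo@ref" and "uses: owner/repo/subdir@ref".
USES_RE = re.compile(
    r"""^\s*-?\s*uses:\s*['"]?([A-Za-z0-9_.\-]+/[A-Za-z0-9_.\-]+)(?:/[^@\s'"]*)?@([^\s'"]+)"""
)


def strip_comments(text):
    """Drop YAML comments so a commented-out 'uses:' line is not counted.
    Naive: a '#' inside a quoted string is also cut, which is acceptable here."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def parse_version(ref):
    """Return (major, minor, patch) for a fully pinned tag like v1.0.0.
    Floating tags (v1, v1.0), branch names and commit SHAs return None:
    they cannot be compared reliably and are reported for manual review."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", ref)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def uses_pull_request_target(text):
    """True if the workflow mentions the pull_request_target event anywhere
    (in the 'on:' block or in a job-level condition)."""
    return re.search(r"\bpull_request_target\b", text) is not None


def assess_workflow(text):
    """Classify one workflow file. Status values:
    'not-affected'        - the action is not used
    'patched'             - every pin is >= 1.0.1
    'review'              - an unpinnable ref (floating tag, branch, SHA)
    'vulnerable'          - a pin < 1.0.1, but no pull_request_target
    'vulnerable-exposed'  - a pin < 1.0.1 AND pull_request_target"""
    clean = strip_comments(text)
    refs = [
        m.group(2)
        for m in map(USES_RE.match, clean.splitlines())
        if m and m.group(1).lower() == DANGERJS_ACTION
    ]
    result = {"refs": refs, "pull_request_target": uses_pull_request_target(clean)}
    if not refs:
        result["status"] = "not-affected"
        return result
    versions = [parse_version(r) for r in refs]
    if any(v is not None and v < PATCHED_VERSION for v in versions):
        result["status"] = "vulnerable-exposed" if result["pull_request_target"] else "vulnerable"
    elif any(v is None for v in versions):
        result["status"] = "review"
    else:
        result["status"] = "patched"
    return result


# Constructed sample workflows used when no file paths are given.
SAMPLE_VULNERABLE = """\
name: DangerJS review
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  danger:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: espressif/shared-github-dangerjs@v1.0.0  # pre-fix release
"""
SAMPLE_PATCHED = SAMPLE_VULNERABLE.replace("@v1.0.0", "@v1.0.1")
SAMPLE_FLOATING = """\
on: pull_request
jobs:
  danger:
    runs-on: ubuntu-latest
    steps:
      - uses: espressif/shared-github-dangerjs@v1
"""

if __name__ == "__main__":
    paths = sys.argv[1:]
    if paths:
        for p in paths:
            with open(p, encoding="utf-8") as fh:
                print(p, assess_workflow(fh.read()))
    else:
        for name, sample in [("vulnerable", SAMPLE_VULNERABLE),
                             ("patched", SAMPLE_PATCHED),
                             ("floating", SAMPLE_FLOATING)]:
            print(name, assess_workflow(sample))
```

Run it as `python scan_dangerjs.py .github/workflows/*.yml` to check a checked-out repository; with no arguments it classifies the three constructed samples. A `review` result is deliberate rather than a false negative: a floating `v1` tag or a commit SHA may or may not resolve to a release at or above 1.0.1, so the pin has to be inspected by hand rather than silently treated as safe.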
Risk and Exploitability
A CVSS score of 8.2 indicates high severity. EPSS data is not available, but the nature of the flaw makes exploitation realistic for projects that accept fork pull requests into pull_request_target workflows, and the risk is greater where pull requests from external contributors are routinely processed. The absence of a KEV listing does not reduce the need for prompt remediation, since the flaw allows hostile code to execute locally within the CI pipeline.
OpenCVE Enrichment