Vowpal Wabbit’s GitHub Actions workflow, located at .github/workflows/python_checks.yml, interpolates the pull request title directly into quoted bash strings used as arguments to a Python test script. When the shell expands the variable, the argument string can be crafted to break out of the quotes, inserting arbitrary shell commands. This results in command injection that gives the attacker code execution privileges on the CI runner executing the workflow. The flaw aligns with CWE‑1336 (Command Injection) and CWE‑78 (OS Command Injection). The compromise affects confidentiality, integrity, and availability of the CI environment, as attackers can run any command with the runner’s permissions.

The vulnerability is present in any Vowpal Wabbit repository that uses the default python_checks.yml workflow before the commit 998e390e80a7e8192d7849b7784bc113dbd190ad was applied. All branches are covered by the trigger, so any pull request targeting any branch contains the vulnerable workflow. No specific version range is listed; the issue was fixed in the referenced commit. Users deploying the repository with older workflow files are impacted.

With a CVSS score of 5, the vulnerability is considered medium severity. The EPSS score is not available, and the issue is not listed in CISA’s KEV catalog, indicating no known widespread exploitation at this time. The likely attack vector is through the GitHub Actions CI environment, where a malicious or compromised contributor can craft a pull request title to inject commands. Since the workflow runs with the permissions of the runner, any code executed can manipulate files, expose credentials, or affect downstream processes. While no exploit has been publicly reported, the presence of the vulnerability in a common CI pipeline warrants timely patching.