svelte-artifact-poisoning-poc Svelte Themes

Svelte Artifact Poisoning Poc

Sicks3c

POC for artifact poisoning vulnerability

Artifact Poisoning POC

This repository demonstrates a GitHub Actions artifact poisoning vulnerability similar to the one found in sveltejs/svelte.

Vulnerability

The post-comment.yml workflow:

Triggers on workflow_run completion of build-artifact.yml
Downloads artifact created by the triggering workflow
Trusts artifact content to determine which issue/PR to comment on
Trusts artifact content for the comment body

Attack Vector

When a PR from a fork triggers build-artifact.yml:

The fork's version of the workflow runs
The fork can create a malicious artifact
The post-comment.yml (running in main repo context with write permissions) downloads and trusts it

To Test

Fork this repository
Modify .github/workflows/build-artifact.yml in your fork
Open a PR to this repository
Observe the comment posted based on your artifact content

Top categories

tailwind daisyui admin template popup mdsvex portfolio blog form ecommerce ui carousel auth dark seo image routing