Langflow is a powerful tool for building and deploying AI-powered agents and workflows.
fix: prevent CI injection via unsanitized GitHub context interpolation (#12224)
Pass github.event.pull_request.head.ref through env: instead of interpolating it directly into run: shell steps. This prevents bash from evaluating command substitutions embedded in malicious branch names before input validation runs.

Co-authored-by: Janardan Singh Kavia <janardankavia@ibm.com>
Antônio Alexandre Borges Lima committed
5c9bbe580f279014be2ec002ce866ff364dd31e9
Parent: 7d4ffbc
Committed by GitHub <noreply@github.com>
on 3/19/2026, 7:40:26 PM
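
The difference the commit message describes, as an added example that is not code from this commit or from the Langflow repository: the same value is first pasted into the script text before the shell parses it (what direct interpolation into a run: step does), then handed over as an environment variable. The variable name HEAD_REF, the marker file, the constructed sample value and the allowlist in validate_ref are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration. The sample value is constructed and its embedded
# command is harmless: it only writes a marker file in a temp directory.
SH=$(command -v bash || command -v sh)
WORKDIR=$(mktemp -d)
MARKER="$WORKDIR/evaluated"
export MARKER
trap 'rm -rf "$WORKDIR"' EXIT

REF='feature/$(pwd>"$MARKER")'   # constructed sample value

# Direct interpolation: the value becomes part of the script source, so the
# shell parses it as code. Returns 0 if the embedded command ran.
run_interpolated() {
  rm -f "$MARKER"
  script=$(printf 'echo "Branch: %s"' "$1")
  "$SH" -c "$script" >/dev/null
  [ -e "$MARKER" ]
}

# env: style: the script source is fixed and the value arrives as data in
# HEAD_REF. Expanding "$HEAD_REF" does not re-parse its contents.
run_via_env() {
  rm -f "$MARKER"
  HEAD_REF="$1" "$SH" -c 'echo "Branch: $HEAD_REF"' >/dev/null
  [ -e "$MARKER" ]
}

# Hypothetical allowlist check, run on the value once it is plain data.
validate_ref() {
  case "$1" in
    ''|*[!A-Za-z0-9_./-]*) return 1 ;;
    *) return 0 ;;
  esac
}

for mode in run_interpolated run_via_env; do
  if "$mode" "$REF"; then
    echo "$mode: embedded command ran"
  else
    echo "$mode: value treated as data"
  fi
done
if validate_ref "$REF"; then echo "ref accepted"; else echo "ref rejected"; fi
```

In the interpolated case the marker exists before any validation could have looked at the value, which is the ordering problem the commit message points out.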