>My guess is the PR took advantage of some code injection possibilities in the GitHub Actions on the repo to grant the attacker admin access. But that’s a wild guess.
Someone below mentioned the offending commit[1], which seems to be a doppelganger of another commit[2]. Maybe the exact commit message broke the automation?
Someone below mentioned the offending commit[1], which seems to be a doppelganger of another commit[2]. Maybe the exact commit message broke the automation?
[1] https://github.com/aws/aws-toolkit-vscode/commit/678851bbe97...
[2] https://github.com/aws/aws-toolkit-vscode/commit/d1959b99684...