While looking at the psf/black GitHub Action I noticed that when the action reads the version from pyproject.toml, it accepts values that are not strictly version strings. This makes it possible to reference a remote package and have it executed during the workflow run.
In a PR scenario, this ofc leads to arbitrary code execution on GitHub Actions runners, with no maintainer interaction.
It's my first CVE, so i wrote a writeup, and i would love to get some feedbacks on it, from people who actually work in CI security/DevSecOps :)