OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the `pull_request_target` event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context of the base repository, including a write-privileged `GITHUB_TOKEN` and numerous sensitive secrets (API keys, database/vector store tokens, and a Google Cloud service account key). Version 1.37.1 contains a fix.
GitHub Actions workflows in the OpenLIT repository use the `pull_request_target` event, which runs the workflow in the context of the base repository — even when the code comes from an external fork. An attacker can open a malicious pull request from a fork, and their code will be retrieved and executed in a privileged context. This grants access to the GITHUB_TOKEN with write permissions and sensitive secrets such as API keys, database tokens, and Google Cloud service account keys.
An attacker authenticated as an external contributor can gain full access to sensitive repository secrets and perform privileged operations in the CI/CD environment, which may lead to compromise of the entire software supply chain (supply chain attack).
OpenLIT should be updated to version 1.37.1, which contains a fix eliminating the vulnerable use of the `pull_request_target` event. Details of the fix are available in commit 4a62039a1659d6cbb8913172693f587b5fc2546c and in security advisory GHSA-9jgv-x8cq-296q.
OpenLIT Software Development Kit (OpenLIT platform) in versions prior to 1.37.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HOpenlit Software Development Kit
APPOpenlit1.36.2 – 1.37.1 (bez)