Some notes on this novel attack, which injected a crypto miner into affected systems.
https://github.com/ultralytics/ultralytics/issues/18027
Code in the published wheel 8.3.41 is not what's in GitHub and appears to invoke mining. Users of ultralytics who install 8.3.41 will unknowingly execute an xmrig miner.
A related security advisory spells out the attack vector, which embeds shell commands in the name of a branch. The branch name is expanded inside a GitHub Actions run step, where the shell executes whatever commands it contains.
https://github.com/advisories/GHSA-8v8w-v8xg-79rf
The tj-actions/branch-names GitHub Actions references the github.event.pull_request.head.ref and github.head_ref context variables within a GitHub Actions run step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name.
An earlier security advisory for this same package is similar:
https://github.com/advisories/GHSA-7x29-qqmq-v6qc
Any workflow that uses the action and runs on pull_request_target is vulnerable to arbitrary code execution within the context of the base branch. An attacker can use this to abuse the GITHUB_TOKEN or steal secrets from the workflow.
GitHub warns against this and other related attacks that leverage unsanitized and untrusted inputs, and gives examples of how to mitigate this risk:
https://securitylab.github.com/resources/github-actions-untrusted-input/
The best practice to avoid code and command injection vulnerabilities in GitHub workflows is to set the untrusted input value of the expression to an intermediate environment variable.
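A small check for the pattern the advisories describe, added here as an example (it is not code from GitHub or tj-actions): it flags the two branch-name context variables when they are expanded inside a run: script and ignores them when they are assigned under env:, the mitigation quoted above. The function name, the line-based scan (which assumes block-style YAML) and the sample workflow are constructed for illustration.

```python
import re

# Context values a pull-request author controls; both are named in the advisory.
UNTRUSTED = ("github.head_ref", "github.event.pull_request.head.ref")
EXPR = re.compile(r"\$\{\{(.*?)\}\}")

def find_injectable_runs(workflow_text):
    """Return (line_number, expression) for untrusted expressions in run: scripts."""
    findings = []
    run_col = None  # column of the active `run:` key, None outside a script
    for number, line in enumerate(workflow_text.splitlines(), 1):
        body = line.lstrip()
        col = len(line) - len(body)
        if body.startswith("- "):  # list item: its first key starts two columns in
            body, col = body[2:], col + 2
        if run_col is not None and body and col <= run_col:
            run_col = None  # dedent: the script block has ended
        if run_col is None:
            if not body.startswith("run:"):
                continue  # env:, with:, name: and so on are not shell text
            run_col = col
        for match in EXPR.finditer(line):
            expr = match.group(1).strip()
            if any(name in expr for name in UNTRUSTED):
                findings.append((number, expr))
    return findings

# Constructed sample: the same branch name used unsafely, then safely.
SAMPLE = """\
on: pull_request_target
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: vulnerable, expression is pasted into the script text
        run: |
          echo "Building ${{ github.head_ref }}"
      - name: hardened, value reaches the shell only as data
        env:
          BRANCH: ${{ github.head_ref }}
        run: |
          echo "Building $BRANCH"
"""

if __name__ == "__main__":
    for number, expr in find_injectable_runs(SAMPLE):
        print(f"line {number}: ${{{{ {expr} }}}} is expanded into shell text")
```

Only the first step is reported: in the second, the expression is resolved into the environment before the script runs, so the shell sees the branch name as a variable value and never as script text.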