This is a vulnerability within the check-spelling workflow specifically and not GitHub Actions. This workflow is used to, well, check the spelling on an incoming Pull Request. New PR comes in, spelling is checked according to an in-repo configuration, and spelling issues are added as a comment to the PR.

The problem comes from the advice.txt or advice.md files the workflow uses from inside the repository. The Advice file is used to provide content that is inserted directly into Github comments or logs

Since this file is within the repository the Pull Request can actually change the file being read for advice, so an malicious attacker could create a symline from advice.txt to /proc/self/environ to leak the environment vars of the GitHub Action runner including the GITHUB_TOKEN

Patch - Commit The primary change is that they added a perl script that checks if the file’s absolute path lives within the workspace path and not inside the .git folder. The same commit also drops support for windows based runners.