Critical GitHub Vulnerability Exposes 4,000+ Repositories to Repojacking Attack

Started by Theo Gottwald, September 12, 2023, 05:25:59 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Theo Gottwald

QuoteA new vulnerability disclosed in GitHub could have exposed thousands of repositories at risk of repojacking attacks, new findings show.

The flaw "could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations," Checkmarx security researcher Elad Rapoport said in a technical report shared with The Hacker News.

"Successful exploitation of this vulnerability impacts the open-source community by enabling the hijacking of over 4,000 code packages in languages such as Go, PHP, and Swift, as well as GitHub actions."

Following responsible disclosure on March 1, 2023, the Microsoft-owned code hosting platform has addressed the issue as of September 1, 2023.

Critical GitHub Vulnerability Exposes 4,000+ Repositories to Repojacking Attack

Zlatko Vid

I know  one thing...
stupid ,ugly Github blocked my own account  >:(
because i refuse give them my phone number
...good thing ..i already deleted all my stuff from there
and move everything on sourceForge.

Charles..please
update your sourceForge files
  •  

Charles Pegge

OK Aurel, yes I've updated SourceForge,  and I have FTP access to the website this time. Can edit pages directly on-site with NotePad :)

Zlatko Vid

  •