
GitHub fixed a dangerous vulnerability two weeks after disclosing details


GitHub's developers have finally fixed a high-risk vulnerability that researchers from Google Project Zero reported to them more than three months ago. At that time, the vulnerability was known to affect the Actions feature.

As a reminder, Actions is a workflow automation tool for developers. As Felix Wilhelm of Google Project Zero pointed out, Actions is vulnerable to a command injection attack.

Despite the high severity attributed to the vulnerability by Google experts, GitHub officials said it was a medium severity issue.

As a rule, Google Project Zero discloses information about the vulnerabilities it finds 90 days after notifying the developers. In this case, GitHub took so long to respond that the researchers were forced to publish the technical details after 104 days.

Now the developers have finally changed their minds and eliminated the vulnerability, as Wilhelm had originally suggested. To do this, it was enough to disable the “set-env” and “add-path” commands.
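For teams checking whether their own workflows still depend on the two disabled commands, here is an added example (not from the original article or from GitHub) that scans workflow text for `::set-env` and `::add-path` and proposes a replacement line. The function name `audit_workflow` and the sample workflow are constructed for illustration; the `$GITHUB_ENV` and `$GITHUB_PATH` environment files are GitHub's documented replacement and are not mentioned in the article.

```python
import re

# Workflow commands are written to stdout as "::name key=value::message".
# Only the two commands the article says were disabled are matched.
DEPRECATED = re.compile(
    r"::(?P<cmd>set-env|add-path)(?:\s+name=(?P<name>[^:\s]+))?::(?P<value>[^\"'\n]*)",
    re.IGNORECASE,
)

# Environment-file replacements (GitHub's documented mechanism, not from the article).
REPLACEMENT = {
    "set-env": 'echo "{name}={value}" >> "$GITHUB_ENV"',
    "add-path": 'echo "{value}" >> "$GITHUB_PATH"',
}

def audit_workflow(text):
    """Return one finding per use of set-env or add-path in workflow text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # YAML comment: the step is never executed
        for m in DEPRECATED.finditer(line):
            cmd = m.group("cmd").lower()
            findings.append({
                "line": lineno,
                "command": cmd,
                "suggestion": REPLACEMENT[cmd].format(
                    name=m.group("name") or "NAME",
                    value=m.group("value").strip()),
            })
    return findings

# Constructed sample workflow, not taken from any real repository.
SAMPLE_WORKFLOW = '''\
name: build
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: echo "::set-env name=BUILD_MODE::release"
      - run: echo "::add-path::$HOME/.local/bin"
      # - run: echo "::set-env name=OLD::unused"
      - run: echo "BUILD_MODE=release" >> "$GITHUB_ENV"
'''

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f['line']}: {f['command']} -> {f['suggestion']}")
```

The scan is line-based, so it reports commands written literally in `run:` steps and will not see ones emitted by scripts or actions the workflow calls.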

It’s a shame that GitHub's representatives waited until two weeks after the details of the security issue were published.
