Egor, stop hacking Github!
A few hours ago, a programmer from St. Petersburg Yegor Khomyakov made a commit in the Ruby on Rails master brunch ( screenshot )
In a personal blog, Egor wrote that the vulnerability he discovered allows him to do pull / commit / push in any repository on Github. He explained his action with irritation at the fact that Rails mainteners ignored the bug he had reported, and therefore Egor now decided to test it on the first draft that came to hand.
')
PS In connection with these events, Github today made changes to the site’s security policy by adding the Responsible Disclosure of Security section of the Vulnerabilities .
In a personal blog, Egor wrote that the vulnerability he discovered allows him to do pull / commit / push in any repository on Github. He explained his action with irritation at the fact that Rails mainteners ignored the bug he had reported, and therefore Egor now decided to test it on the first draft that came to hand.
')
PS In connection with these events, Github today made changes to the site’s security policy by adding the Responsible Disclosure of Security section of the Vulnerabilities .
Source: https://habr.com/ru/post/139399/
All Articles