Express Computer
Home  »  News  »  GitHub fixes security flaw flagged by Google

GitHub fixes security flaw flagged by Google

0 119

Microsoft-owned open source code repository GitHub has finally fixed a security flaw spotted by Google months ago.

Google disclosed the details of the bug 104 days after it reported the issue to GitHub.

The fix was finally implemented on November 16, or two weeks after Google made the issue public, ZDNet reported on Monday.

The bug was reported by Google Project Zero, the company’s security team that finds bugs in all popular software.

The “high severity” security bug was spotted in GitHub’s Actions feature, a developer workflow automation tool.

“The big problem with this feature is that it is highly vulnerable to injection attacks,” Google Project Zero researcher Felix Wilhelm wrote in the bug report.

“As the runner process parses every line printed to STDOUT looking for workflow commands, every Github action that prints untrusted content as part of its execution is vulnerable. In most cases, the ability to set arbitrary environment variables results in remote code execution as soon as another workflow is executed.”

GitHub finally addressed the injection vulnerability by disabling the feature’s old runner commands, “set-env” and “add-path,” said the report.

–IANS

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image