Google researchers disclose high-severity vulnerability affecting GitHub

clock • 3 min read

The bug makes GitHub Action's workflow commands vulnerable to injection attacks, according to researchers

Google's Project Zero researchers have disclosed a high-severity vulnerability in GitHub, which, they say, could allow attackers to remotely execute code on affected systems. The bug was discove...

To continue reading this article...

Join Computing

  • Unlimited access to real-time news, analysis and opinion from the technology industry
  • Receive important and breaking news in our daily newsletter
  • Be the first to hear about our events and awards programmes
  • Join live member only interviews with IT leaders at the ‘IT Lounge’; your chance to ask your burning tech questions and have them answered
  • Access to the Computing Delta hub providing market intelligence and research
  • Receive our members-only newsletter with exclusive opinion pieces from senior IT Leaders

Join now

 

Already a Computing member?

Login

You may also like
Malicious 'ghost' DaaS network spreading malware through GitHub

Threats and Risks

Social engineering and GitHub reputation key to effectiveness

clock 25 July 2024 • 2 min read
'Levelling up cybersecurity is a team effort,' says Jacob DePriest of GitHub

Open Source

But security starts with developers, and AI isn’t going to replace them

clock 09 May 2024 • 5 min read
NHS England reinstates open source Github page used to maintain central database of GP data

Health

GP Connect page taken down, then reinstated, over 'inaccurate' patient record database claim

clock 19 March 2024 • 3 min read
Most read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Threats and Risks

Researchers ID security risks in GenAI development platforms

Researchers ID security risks in GenAI development platforms

Exposes sensitive company data

clock 29 August 2024 • 2 min read
Chinese hacking gang targets ISPs via Versa flaw

Chinese hacking gang targets ISPs via Versa flaw

Attacks believed to be geared toward intelligence gathering

Kyle Alspach
clock 28 August 2024 • 3 min read
No honour among ransomware thieves: affiliates' trust craters after takedown

No honour among ransomware thieves: affiliates' trust craters after takedown

Law enforcement action and exit scams have damaged the big gangs' brands

John Leonard
clock 22 August 2024 • 3 min read