Social News XYZ     

GitHub fixes security flaw flagged by Google

GitHub fixes security flaw flagged by Google

San Francisco, Nov 23 (SocialNews.XYZ) Microsoft-owned open source code repository GitHub has finally fixed a security flaw spotted by Google months ago.

Google disclosed the details of the bug 104 days after it reported the issue to GitHub.

 

The fix was finally implemented on November 16, or two weeks after Google made the issue public, ZDNet reported on Monday.

The bug was reported by Google Project Zero, the company's security team that finds bugs in all popular software.

The "high severity" security bug was spotted in GitHub's Actions feature, a developer workflow automation tool.

"The big problem with this feature is that it is highly vulnerable to injection attacks," Google Project Zero researcher Felix Wilhelm wrote in the bug report.

"As the runner process parses every line printed to STDOUT looking for workflow commands, every Github action that prints untrusted content as part of its execution is vulnerable. In most cases, the ability to set arbitrary environment variables results in remote code execution as soon as another workflow is executed."

GitHub finally addressed the injection vulnerability by disabling the feature's old runner commands, "set-env" and "add-path," said the report.

Source: IANS

Facebook Comments
GitHub fixes security flaw flagged by Google

About Gopi

Gopi Adusumilli is a Programmer. He is the editor of SocialNews.XYZ and President of AGK Fire Inc.

He enjoys designing websites, developing mobile applications and publishing news articles on current events from various authenticated news sources.

When it comes to writing he likes to write about current world politics and Indian Movies. His future plans include developing SocialNews.XYZ into a News website that has no bias or judgment towards any.

He can be reached at gopi@socialnews.xyz

%d bloggers like this: