Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneInspector-ambitiousH1:1938106
HistoryApr 07, 2023 - 10:44 a.m.

GitHub: Smuggling content in PR with refs/replace in GitHub

2023-04-0710:44:55
inspector-ambitious
hackerone.com
10
incorrect comparison vulnerability
commit smuggling
github enterprise
write access
versions 3.7.0 and above
fixed versions
bug bounty program

0.001 Low

EPSS

Percentile

24.0%

JSON

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program.

Related

prion 1
cve 1
cvelist 1
nvd 1
prion
prion
Spoofing
2023-07-27 21:15:00
cve
cve
CVE-2023-23764
2023-07-27 21:15:10
cvelist
cvelist
CVE-2023-23764 Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling
2023-07-27 20:45:19
nvd
nvd
CVE-2023-23764
2023-07-27 21:15:10

0.001 Low

EPSS

Percentile

24.0%

JSON
Related for H1:1938106
prion1cve1cvelist1nvd1