Microsoft-owned open-source code repository GitHub finally fixes a high severity security flaw spotted by Google Project Zero more than three months ago. While Google described it as a high severity bug, GitHub said it was moderate security vulnerability.
The bug affected GitHub’s Actions feature – a developer workflow automation tool – that Google Project Zero researcher Felix Wilhelm said was “highly vulnerable to injection attacks.”
Google Project Zero discloses any flaws it finds 90 days after reporting them, and by November 2, GitHub had exceeded Google’s one-off grace period of 14 days without having fixed the flaw.
To Read More: https://www.zdnet.com/article/github-fixes-high-severity-security-flaw-spotted-by-google/
