See? I TOLD you all to leave GitHub! "Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks"
Don't say I didn't warn you...
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply chain risks.The Hacker News
This entry was edited (yesterday, 12:59 AM)


Nanook
in reply to Dymonika • •A_norny_mousse
in reply to Dymonika • • •That sounds big & creepy:
I wonder if/how alternative VCS platforms that provide similar workflow services are affected.
minfapper
in reply to Dymonika • • •How exactly do their competitors like codeberg do better in preventing that?
A_norny_mousse
in reply to minfapper • • •I'm no expert in this but I'm guessing GH's higher tiers provide much more "actions" and whatnot than Codeberg does. AFAICS Gitlab might be the only alternative that even has the mechanisms that could be exploited.
But executing code in a comment, that's harsh in any case. I mean, even I would've known how to prevent that right from the start. I think.