Hacker News
emidoots on June 24, 2023 | on: Millions of GitHub repos likely vulnerable to Repo...
That won't help you very much. There's no guarantee the commit belongs to the named repository with e.g. raw links[0].
[0] https://twitter.com/slimsag/status/1672421999698903043
faangsticle on June 24, 2023
Of course it will, since you'll either get the commit you wanted at the time you wrote the script, or an error.
bqmjjx0kac on June 24, 2023
Unless someone is very good at finding SHA1 collisions.
NhanH on June 24, 2023
The collisions need to deliver a malicious payload as well, making it extra hard.
manwe150 on June 24, 2023
Those are still very hard to get for a random hash, and GitHub I think warns (or blocks?) you if you try to push a hash with a known vulnerability.
glandium on June 24, 2023
If you clone the repo, it won't be there.
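One way to turn that clone-based check into a script, as an added example that is not from anyone in this thread: two local repositories (constructed stand-ins for an upstream GitHub repo and a fork of it; names and contents are assumed) show that a commit existing only in the fork is absent from a fresh clone of the named repository, so a pin verified against a clone cannot silently resolve to fork content the way a raw-URL fetch by hash can.

```shell
#!/bin/sh
# Added example (not from the thread). Two local repositories stand in for an
# upstream GitHub repo and a fork of it; the names and contents are constructed.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

# "upstream": the repository a dependency pin names
git init -q "$WORK/upstream"
echo 'echo hello' > "$WORK/upstream/install.sh"
git -C "$WORK/upstream" add install.sh
git -C "$WORK/upstream" commit -qm 'initial'
UPSTREAM_SHA=$(git -C "$WORK/upstream" rev-parse HEAD)

# "fork": shares history with upstream, plus one commit that never reached upstream
git clone -q "$WORK/upstream" "$WORK/fork"
echo 'echo not-what-you-pinned' > "$WORK/fork/install.sh"
git -C "$WORK/fork" commit -qam 'fork-only change'
FORK_SHA=$(git -C "$WORK/fork" rev-parse HEAD)

# commit_in_repo REPO SHA: succeeds only if SHA is a commit object in REPO and is
# reachable from at least one branch there, i.e. it is genuinely part of that
# repository's history rather than merely fetchable by hash from elsewhere.
commit_in_repo() {
  repo=$1
  sha=$2
  git -C "$repo" cat-file -e "${sha}^{commit}" 2>/dev/null || return 1
  [ -n "$(git -C "$repo" branch -a --contains "$sha")" ]
}

# The verification clone: what "if you clone the repo" actually gives you.
git clone -q "$WORK/upstream" "$WORK/verify"

if commit_in_repo "$WORK/verify" "$UPSTREAM_SHA"; then
  echo "$UPSTREAM_SHA: present in clone of the named repo (pin is sound)"
fi
if ! commit_in_repo "$WORK/verify" "$FORK_SHA"; then
  echo "$FORK_SHA: NOT in clone of the named repo (reject the pin)"
fi
```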