GitHub employees moved quickly last month to patch a serious remote code execution vulnerability that could have exposed millions of public and private code repositories.

The flaw was discovered by Wiz Research, which said artificial intelligence tools helped uncover the issue inside GitHub’s internal Git infrastructure.

According to GitHub Chief Information Security Officer Alexis Walesa, the company’s security team immediately started reviewing the bug bounty report after receiving it. Within just 40 minutes, engineers were able to reproduce the vulnerability internally and confirm that it was critical.

GitHub then moved fast to contain the threat. The engineering team created and deployed a fix a little more than an hour after identifying the root cause.

That patch protected both GitHub.com and GitHub Enterprise Server. Walesa said the company also launched a forensic investigation, which later found no evidence that the bug had been exploited by attackers.

