Bean Stalking: Growing Java beans into Remote Code Execution
In this post I’ll show how input validation which should be used to prevent malformed inputs to enter our applications, open up the doors to Remote Code Execution (RCE).
Home / Security / Vulnerability research / Page 6
Vulnerability research
Dedicated to advancing the understanding and detection of software vulnerabilities—and explaining the latest vulnerability research from the GitHub Security Lab. Go behind the scenes with the GitHub Security Lab, a collaborative initiative that brings together security researchers, developers, and organizations to find and fix security vulnerabilities in open source software.
The Octopus Scanner Malware: Attacking the open source supply chain
This post details how an open source supply chain malware spread through build artifacts. 26 open source projects were backdoored by this malware and were actively serving backdoored code.
Giving credit for Security Advisories
Saying thanks is now a core part of the Security Advisory workflow.
Hot lava: A case study in hunting for network integer arithmetic flaws
We examine the dangers of network integer arithmetic based on a case study of security vulnerabilities reported to the ntop project.
Capture the Flag 4—CodeQL and chill
Join our Capture the Flag challenge to use your CodeQL skills or learn new ones.
Triggering garbage collection with rejected promises to cause use-after-free in Chrome
In this post I’ll show how garbage collections (GC) in Chrome may be triggered with small memory allocations in unexpected places, which was then used to cause a use-after-free bug.
Sawfish phishing campaign targets GitHub users
A phishing campaign targeting our customers lures GitHub users into providing their credentials (including two-factor authentication codes). Learn more about the threat and what you can do to protect yourself.
Six years of the GitHub Security Bug Bounty program
Learn more about the Bug Bounty program, including a recap of 2019’s bugs, our expanded scope, new features, and more.
Ubuntu whoopsie integer overflow vulnerability (CVE-2019-11484)
This is the fourth and final post in a series about Ubuntu’s crash reporting system. We’ll review CVE-2019-11484, a vulnerability in whoopsie which enables a local attacker to get a shell as the whoopsie user, thereby gaining the ability to read any crash report.
Ubuntu apport PID recycling security vulnerability (CVE-2019-15790)
This is the third post in a series about Ubuntu’s crash reporting system. We’ll review CVE-2019-15790, a vulnerability in apport that enables a local attacker to obtain the ASLR offsets for any process they can start (or restart).
Ubuntu apport TOCTOU security vulnerability (CVE-2019-7307)
This is the second post in our series about Ubuntu’s crash reporting system. We’ll review CVE-2019-7307, a TOCTOU vulnerability that enables a local attacker to include the contents of any file on the system in a crash report.
Whoopsie-daisy: Chaining accidental features of Ubuntu’s crash reporter to get Local Privilege Escalation
This post summarizes several security vulnerabilities in Ubuntu’s crash reporting system: CVE-2019-7307, CVE-2019-11476, CVE-2019-11481, CVE-2019-11484, CVE-2019-15790. When chained together, they allow an unprivileged user to read arbitrary files on the system.
Securing software, together
Software security is a collective problem, a responsibility that involves producers and consumers of code, open source maintainers, security researchers, and security teams. At GitHub, we want to give the community the tools it needs to secure the software we all depend on.
The world's largest developer platform
GitHub
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
