WRITEUP #2225

Attackers Can Bypass GitHub Required Reviewers to Submit Malicious Code

Logic Bug, Broken authorization, Logic flaw
by Noam Dotan
Program: GitHub
Published: Sep 8, 2022
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://www.legitsecurity.com/blog/bypassing-github-required-reviewers-to-submit-malicious-code
