An incorrect comparison vulnerability was identified in...
Moderate severity
Unreviewed
Published
Aug 31, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Aug 30, 2023
Published to the GitHub Advisory Database
Aug 31, 2023
Last updated
Apr 4, 2024
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ .
References