Security researchers have identified a flaw in GitHub that reportedly enabled attackers to take control of repositories, allowing them to spread malware and infect code. GitHub has fixed the bug since it was discovered and stated that it lay in the popular repository namespace retirement feature. The same feature could be targeted by threat actors in the future through different vulnerabilities: a different vulnerability in the same feature was exploited earlier this year, enabling attackers to infect popular PHP packages with millions of downloads.
Each GitHub repository has a unique URL tied to the original creator's account. When a user decides to rename their account, a new URL is generated for the repository. This behaviour was at the root of the security vulnerability. Any repository with more than 100 clones at the time of renaming is considered retired, and its old name cannot be reused by others.
Read More: GitHub Bug Exposed Repositories to Hijacking