Tag
#git
3 stories taggedgit.

Cloud Security
GitHub's Green 'Verified' Badge Can Lie: Signed Commits Cloned Without the Key
Researchers show anyone can produce a second signed commit that matches the author, date and files of a real one, keeping GitHub's Verified stamp while changing the unique fingerprint developers rely on.
4 min

Vulnerabilities
Critical Argument Injection Zero-Day in Gogs Puts Self-Hosted Git Servers at Risk
A CVSS 9.4 flaw lets authenticated attackers execute arbitrary code through maliciously named pull-request branches — no patch is available.
2 min

Vulnerabilities
Authenticated RCE in Gogs Hits CVSS 9.4 — and There's No CVE Yet
A critical flaw in the self-hosted Git service lets any logged-in account execute arbitrary code on the server. The auth bar is low. The blast radius isn't.
2 min