bort@sopuli.xyz to Selfhosted@lemmy.world • 700+ self-hosted Git instances battered in 0-day attacks with no fix imminent · 1 day ago

Here are the steps:

1. The attacker creates a standard Git repository.
2. They commit a single symbolic link pointing to a sensitive target.
3. Using the PutContents API, they write data to the symlink.
4. The system follows the link and overwrites the target file outside the repository.
5. By overwriting .git/config (specifically the sshCommand), the attacker can force the system to execute arbitrary commands – amazing.
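The server-side check that breaks this chain at steps 3 to 5, as an added example that is not part of the comment above and is not code from any affected project: a write helper that refuses to follow symlinks or touch Git metadata. The names `safe_write`, `UnsafePath` and `demo`, and the temporary-directory layout, are hypothetical.

```python
import os
import tempfile


class UnsafePath(Exception):
    """The write would follow a symlink or touch Git metadata."""


def safe_write(repo_root, rel_path, data):
    """Write data under repo_root, refusing symlinks and .git paths."""
    parts = [p for p in rel_path.replace("\\", "/").split("/") if p not in ("", ".")]
    if not parts or ".." in parts or any(p.lower() == ".git" for p in parts):
        raise UnsafePath(rel_path)
    current = os.path.realpath(repo_root)
    for part in parts[:-1]:
        current = os.path.join(current, part)
        if os.path.islink(current):  # a symlinked directory also escapes the tree
            raise UnsafePath(rel_path)
        os.makedirs(current, exist_ok=True)
    target = os.path.join(current, parts[-1])
    if os.path.islink(target):
        raise UnsafePath(rel_path)
    # O_NOFOLLOW makes the open itself fail if the final component is swapped
    # for a symlink after the check above (POSIX only; 0 where unavailable).
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


def demo():
    """Constructed scenario: a working tree holding a symlink to an outside file."""
    with tempfile.TemporaryDirectory() as tmp:
        repo, outside = os.path.join(tmp, "repo"), os.path.join(tmp, "outside.cfg")
        os.mkdir(repo)
        with open(outside, "w") as fh:
            fh.write("original")
        os.symlink(outside, os.path.join(repo, "link"))
        results = {}
        for name in ("link", ".git/config", "docs/readme.txt"):
            try:
                safe_write(repo, name, b"new data")
                results[name] = "written"
            except UnsafePath:
                results[name] = "refused"
        with open(outside) as fh:
            results["outside"] = fh.read()
        return results
```

The per-component check on intermediate directories is still a check-then-use sequence; only the final component is covered atomically by `O_NOFOLLOW`.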
bort@sopuli.xyz to Animemes@ani.social · 5 months ago: [template] Witch Hat Atelier (image, sopuli.xyz)