Try GitHub Copilot CLIAttend GitHub Universe
Back to changelog
Improvement

March 13, 20191 Minute Read

GitHub Enterprise Cloud (“github.com”) vulnerabilities response: patched and not vulnerable

GitHub.com and supporting services are not vulnerable. Patches and mitigations were applied as necessary ahead of the public vulnerability disclosure. Standard incident response procedures were enacted to ensure no earlier attempts were made to exploit the vulnerabilities.

Common Vulnerability and Exposure (CVE) references have been issued for the vulnerabilities:

  • CRITICAL: A specially crafted request could allow arbitrary files to be read and the file content to be disclosed. For more information, see the associated Rails CVE: CVE-2019-5418
  • HIGH: High CPU usage could be triggered by a specially crafted request resulting in Denial of Service (DoS). For more information see the associated Rails CVE: CVE-2019-5419

Subscribe to our developer newsletter

Discover tips, technical guides, and best practices in our biweekly newsletter just for devs.

By submitting, I agree to let GitHub and its affiliates use my information for personalized communications, targeted advertising, and campaign effectiveness. See the GitHub Privacy Statement for more details.

GitHub Enterprise Cloud (“github.com”) vulnerabilities response: patched and not vulnerable - GitHub Changelog