3 ways to get Remote Code Execution in Kafka UI
The GitHub Blog
by Michael Stepankin
1d ago
Kafka UI is a popular open source web application designed to manage and monitor Apache Kafka clusters. It is used mainly by developers and administrators to provide a visual representation of the connected Kafka clusters. Some users may not be aware that in its default configuration, Kafka UI does not require authentication to read and write data. This results in many unprotected Kafka UI instances deployed in internal networks or even being exposed to the internet. It might not be seen as a major security issue, as the data exposed might be public or not sensitive at all, but it may open a doo…
How researchers are using GitHub Innovation Graph data to estimate the impact of ChatGPT
The GitHub Blog
by Kevin Xu
6d ago
We launched the GitHub Innovation Graph to make it easier for researchers, policymakers, and developers to access longitudinal metrics on software development for economies around the world. We’re pleased to report that researchers are indeed finding the Innovation Graph to be a useful resource, and with today’s Q1 2024 data release, I’m excited to share an interview with two researchers who are using data from the Innovation Graph in their work: Alexander Quispe is a junior researcher at the World Bank in the Digital Development Global Practice and lecturer in the Department of Economics at…
GitHub Availability Report: June 2024
The GitHub Blog
by Jakub Oleksy
1w ago
In June, we experienced two incidents that resulted in degraded performance across GitHub services. June 05 17:05 UTC (lasting 142 minutes) On June 5, between 17:05 UTC and 19:27 UTC, the GitHub Issues service was degraded. During that time, events related to projects were not displayed on issue timelines. These events indicate when an issue was added to or removed from a project and when their status changed within a project. A misconfiguration of the service backing these events prevented the data from being loaded. We determined the root cause to be a scheduled secret rotation that resulted…
Advancing responsible practices for open source AI
The GitHub Blog
by Peter Cihon
1w ago
Today, the Partnership on AI (PAI) published a report, Mapping Risk Mitigation Strategies for Open Foundation Models. The report provides guidance for actors building, hosting, adapting, and serving AI that relies on open source and other weights-available foundation models. It is an important step forward for responsible practices in the open source AI value chain. The report is based on a workshop that GitHub recently co-hosted with PAI, as part of our work to support a vibrant and responsible open source ecosystem. Developers build and share open source components at every level of the AI s…
Exploring the challenges in creating an accessible sortable list (drag-and-drop)
The GitHub Blog
by Kendall Gassner
2w ago
Drag-and-drop is a highly interactive and visual interface. We often use drag-and-drop to perform tasks like uploading files, reordering browser bookmarks, or even moving a card in solitaire. It can be hard to imagine completing most of these tasks without a mouse and even harder without using a screen or visual aid. This is why the Accessibility team at GitHub considers drag-and-drop a “high-risk pattern,” often leading to accessibility barriers and a lack of effective solutions in the industry. Recently, our team worked to develop a solution for a more accessible sortable list, which we refe…
Beginner’s guide to GitHub: Uploading files and folders to GitHub
The GitHub Blog
by Kedasha Kerr
2w ago
Welcome back to GitHub for Beginners, a series designed to help you navigate GitHub with ease. If you’ve been following along, we’ve covered some basics of Git and GitHub, including the top Git commands every developer should know and how to create repositories. Now that you have a repository, you can use it to track file versions or collaborate with others. However, first you need to upload your files to the repository. Let’s get started! How do I upload files? There are multiple ways you can upload content to GitHub, and we’ll go through a few of them. The first option we’ll cover is upload…
Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties
The GitHub Blog
by Man Yue Mo
3w ago
In this post, I’ll exploit CVE-2024-3833, an object corruption bug in v8, the JavaScript engine of Chrome, that I reported in March 2024 as bug 331383939. A similar bug, 331358160, was also reported and was assigned CVE-2024-3832. Both of these bugs were fixed in version 124.0.6367.60/.61. CVE-2024-3833 allows RCE in the renderer sandbox of Chrome by a single visit to a malicious site. Origin trials in Chrome New features in Chrome are sometimes rolled out as origin trial features before they are made available in general. When a feature is offered as an origin trial, web developers can regis…
Beginner’s guide to GitHub repositories: How to create your first repo
The GitHub Blog
by Kedasha Kerr
1M ago
Welcome back to GitHub for Beginners, a series designed to help you navigate GitHub with ease. Our last post covered the top Git commands every developer should know. Today, we’re diving right into the heart of GitHub: repositories! What they are, how to create one, all of their different features and settings, and more. Whether you’re a developer, a writer, or just curious about version control, understanding repositories is your first step into the world of GitHub. So, let’s say you created your GitHub account. Now what? Let’s Git right into it and start from the beginning. What is a reposit…
Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects
The GitHub Blog
by Peter Stöckli
1M ago
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we’ll describe how unsafe deserialization vulnerabilities work and how you can detect them in Ruby projects. All samples in this blog post are made using the Oj JSON serialization library for Ruby, but that does not mean they are limited to this library. At the end of this blog post, we will link to a repository that contains working sample exploits that work for Oj (JSON), Ox (XML), Psych (YAM…
GitHub Enterprise Server 3.13 is now generally available
The GitHub Blog
by Amanda Ulrich
1M ago
GitHub Enterprise Server 3.13 is now generally available. It includes many new features for developers, enterprise admins, and operators. All of this is to help your organization build better, more secure software, faster. What’s happening in this release? Find the information you need, faster Getting the information you need quickly is essential to keeping your workflow efficient. The latest UI updates to GitHub repositories are thoughtfully designed to enhance productivity. It’s easier to find what you need using the improved code search, and special files are simple to spot with a prominent…