
Alert: Millions of GitHub Repositories Likely Vulnerable to RepoJacking Attack
2023-06-22 13:13

Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed.

Aqua said a threat actor could use services such as GHTorrent to extract the GitHub metadata attached to any public commit or pull request and compile a list of unique repositories.

An analysis of a subset of 1.25 million repositories for the month of June 2019 revealed that as many as 36,983 repositories were vulnerable to RepoJacking, a 2.95% hit rate.

With GitHub containing more than 330 million repositories, the findings suggest that millions of repositories could be vulnerable to a similar attack.

In October 2022, GitHub moved to close a security loophole that could have been exploited to create malicious repositories and mount supply chain attacks by bypassing its "popular repository namespace retirement" protection.

To mitigate such risks, users are advised to periodically inspect their code for links that fetch resources from external GitHub repositories.
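As an added illustration of that recommendation (example code written for this summary, not from Aqua or GitHub): a scanner that pulls GitHub repository references out of source text and flags those whose owner/repo namespace no longer resolves to the same repository, which is the condition RepoJacking depends on. The resolver and the sample input are constructed stand-ins; a live version would query the GitHub repositories API.

```python
import re
from typing import Callable, List, Optional, Tuple

# Common ways code and config refer to a GitHub repository: HTTPS/SSH clone URLs,
# pip "git+https" requirements, Go import paths and raw.githubusercontent.com downloads.
GITHUB_REF = re.compile(
    r"(?:https?://|git@|git\+https://)?(?:github\.com|raw\.githubusercontent\.com)[/:]"
    r"(?P<owner>[A-Za-z0-9][A-Za-z0-9-]*)/"
    r"(?P<repo>[A-Za-z0-9_.-]+?)(?:\.git)?(?=[/\s\"'#?@)]|$)"
)

def extract_refs(text: str) -> List[Tuple[str, str]]:
    """Distinct (owner, repo) pairs found in text; lower-cased because GitHub names are case-insensitive."""
    return sorted({(m["owner"].lower(), m["repo"].lower()) for m in GITHUB_REF.finditer(text)})

def find_risky_refs(text: str, resolve: Callable[[str, str], Optional[Tuple[str, str]]]) -> List[Tuple[str, str]]:
    """Flag references whose original namespace no longer points at the same repository.
    A rename/transfer (API redirect) or a deletion both leave the old owner/repo name
    open to re-registration, which is the precondition for RepoJacking."""
    flagged = []
    for owner, repo in extract_refs(text):
        current = resolve(owner, repo)
        if current is None:
            flagged.append((f"{owner}/{repo}", "not found"))
        elif current != (owner, repo):
            flagged.append((f"{owner}/{repo}", f"redirects to {current[0]}/{current[1]}"))
    return flagged

# Constructed stand-in for a live lookup. A real resolver would call the GitHub API
# (GET https://api.github.com/repos/{owner}/{repo}) and return the "full_name" of the
# repository it lands on after any rename redirect, or None on a 404.
CONSTRUCTED_DIRECTORY = {
    ("old-org", "useful-lib"): ("newco", "useful-lib"),  # org renamed; old name is unclaimed
    ("acme", "installer"): ("acme", "installer"),        # still where the code expects it
}

def constructed_resolver(owner: str, repo: str) -> Optional[Tuple[str, str]]:
    return CONSTRUCTED_DIRECTORY.get((owner, repo))  # gone-maintainer/tooling -> None (deleted)

# Constructed sample: fragments of a requirements file, a go.mod and an install script.
SAMPLE = """\
git+https://github.com/Old-Org/useful-lib.git@v1.2#egg=useful_lib
require github.com/gone-maintainer/tooling v0.4.1
curl -sSL https://raw.githubusercontent.com/acme/installer/main/install.sh -o install.sh
"""

if __name__ == "__main__":
    for ref, reason in find_risky_refs(SAMPLE, constructed_resolver):
        print(f"{ref}: {reason}")
```

A flagged reference is a prompt to pin the dependency to the new canonical name (or a commit hash) rather than to the stale namespace.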


News URL

https://thehackernews.com/2023/06/alert-million-of-github-repositories.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 10 2 30 29 14 75