Securing the git push pipeline: Responding to a critical remote code execution vulnerability
… Receiving the bug bounty report The bug bounty report described a way for any user with push access to a repository, including a repository they created themselves, to achieve arbitrary command execution on the GitHub server handling their git push operation. …