Code Injection Bugs Bite Google, Apache Open Source GitHub Projects


Two security flaws were found in the GitHub environments of two extremely well-known open source projects from Apache and Google. These flaws could be used to surreptitiously alter project source code, alter project output, and move between departments within a company.

Researchers at Legit Security claim that the problems include weaknesses in continuous integration/continuous delivery (CI/CD) that could endanger several other open source projects all over the world.