Unrated severity · NVD Advisory · Published Aug 30, 2023 · Updated Sep 27, 2024
Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling
CVE-2023-23765
Description
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program (https://bounty.github.com/).
Affected products
- (no CPE) range: <3.6.16 || >=3.7.0 <3.7.13 || >=3.8.0 <3.8.9 || >=3.9.0 <3.9.1
- (no CPE) range: 3.6.0