VYPR
Unrated severity · NVD Advisory · Published Aug 30, 2023 · Updated Sep 27, 2024

Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling

CVE-2023-23765

Description

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program (https://bounty.github.com/).

Affected products

  • GitHub/Enterprise Server (2 versions)
    • (no CPE) range: <3.6.16 || >=3.7.0 <3.7.13 || >=3.8.0 <3.8.9 || >=3.9.0 <3.9.1
    • (no CPE) range: 3.6.0
