Millions of GitHub repos likely vulnerable to RepoJacking, researchers say


Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as “RepoJacking,” which could help attackers deploy supply chain attacks impacting a large number of users.

The warning comes from AquaSec’s security team, ‘Nautilus,’ which analyzed a sample of 1.25 million GitHub repositories and found that about 2.95% of them were vulnerable to RepoJacking.

By extrapolating this percentage to GitHub’s entire repository base of more than 300 million, the researchers estimate that the issue affects approximately 9 million projects.
