National Cyber Warfare Foundation (NCWF)

Attackers Can Generate Duplicate Verified GitHub Commits Using Signature Malleability


0 user ratings
2026-07-08 13:08:13
milo
Red Team (CNA)

Attackers can silently clone “Verified” GitHub commits by abusing signature malleability in Git’s commit-signing formats, creating byte‑different commits with identical content, valid signatures, and fresh “Verified” badges under new hashes. This breaks the long‑standing assumption that a verified commit hash is a unique, immutable identifier for a specific piece of signed content and exposes hash‑based […]


The post Attackers Can Generate Duplicate Verified GitHub Commits Using Signature Malleability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.



Divya

Source: gbHackers
Source Link: https://gbhackers.com/duplicate-verified-github-commits-using-signature-malleability/


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Red Team (CNA)



Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.