Millions of GitHub Repositories Vulnerable to RepoJacking Attack

A recent study by Aqua Nautilus, the research team of the security company Aqua, has found that millions of GitHub repositories are vulnerable to RepoJacking. The attack, also described as dependency repository hijacking, lets an attacker compromise the integrity of software packages and inject malicious code into every project that fetches code from the hijacked location. RepoJacking works by capturing the traffic that still points at a renamed repository's old URL and rerouting it to a repository the attacker controls, exploiting a logical flaw that breaks the redirect GitHub creates from the old name to the new one.

The study found that the exposure also affects repositories belonging to organizations such as Google and Lyft, among others. It arises from how GitHub handles renames: when a user or organization changes its name, GitHub redirects requests for the old owner/repository path to the new one, but the old name is released and anyone can register it. An attacker who registers the old name and creates a repository with the same name as the original takes over the old path, the redirect stops applying, and every clone, download or dependency fetch that still uses the old URL silently receives the attacker's code instead.

The researchers examined a sample of 1.25 million repositories from June 2019 and found that 2.95% of them were susceptible to RepoJacking. GitHub hosts more than 330 million repositories, so if that rate holds across the platform, millions of repositories could be exposed (2.95% of 330 million is roughly 9.7 million).

To reduce the risk, regularly check your repositories for references that pull code from other GitHub repositories: clone URLs in Dockerfiles and scripts, raw.githubusercontent.com downloads, Go module paths, git submodules and package dependencies pinned to a GitHub URL. Confirm that each referenced owner/repository still resolves directly rather than through a redirect, and update any that have moved. If your company or project changes its GitHub name, keep the previous name registered under your own control so that nobody else can claim it.
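As an added example (not code from Aqua Nautilus or from the article), the check below covers both halves of the problem described above: why a renamed repository's old path becomes hijackable once the old owner name is free, and how to audit a project for references that still point at such paths. Every file, owner name and repository in it is constructed for the example, and the `GitHubView` lookup is a stand-in for the answers the GitHub API would give (a direct hit on the repository, a redirect to its new location, and whether the old owner name is still registered).

```python
"""Offline RepoJacking exposure check (added example, not Aqua's tooling).

Extracts every github.com/<owner>/<repo> reference from a set of project
files and classifies each against a stand-in for GitHub's rename redirect
and username-availability behaviour. All data below is constructed.
"""
import re
from dataclasses import dataclass

# owner/repo in clone URLs, raw downloads, Go module paths and SSH remotes
# (github.com:owner/repo). api.github.com is skipped because its first two
# path segments are not owner/repo.
GITHUB_REF = re.compile(
    r"(?<!api\.)(?:github\.com|raw\.githubusercontent\.com)[/:]"
    r"(?P<owner>[A-Za-z0-9](?:[A-Za-z0-9-]{0,37}[A-Za-z0-9])?)/"
    r"(?P<repo>[A-Za-z0-9_.-]+?)(?:\.git)?(?=[/\s\"'#),@]|$)",
    re.MULTILINE,
)


@dataclass
class GitHubView:
    """Constructed stand-in for GitHub lookups. In a real scan: `repos` is
    GET /repos/{owner}/{repo} answering 200, `redirects` is the same call
    answering 301 to the new location, `users` is GET /users/{owner} -> 200."""
    repos: frozenset      # (owner, repo) pairs that resolve directly
    redirects: dict       # (old_owner, repo) -> (new_owner, repo)
    users: frozenset      # owner names that are currently registered


@dataclass(frozen=True)
class Finding:
    file: str
    owner: str
    repo: str
    status: str           # "ok" | "redirect" | "hijackable" | "missing"
    note: str


def classify(owner: str, repo: str, view: GitHubView) -> tuple[str, str]:
    """Decide whether a reference is safe, stale, or hijackable."""
    if (owner, repo) in view.repos:
        return "ok", ""
    target = view.redirects.get((owner, repo))
    if owner not in view.users:
        # The old owner name is free: anyone can register it, create a repo
        # with this name and capture every fetch of the old path. If a
        # redirect exists today, that capture silently replaces the project.
        where = f"redirects to {target[0]}/{target[1]}" if target else "resolves nowhere"
        return "hijackable", f"owner '{owner}' is unregistered; path {where}"
    if target:
        # Works today, but only via the redirect, which whoever holds the
        # old name can break at will by creating a same-named repository.
        return "redirect", f"resolves via redirect to {target[0]}/{target[1]}; pin the new path"
    return "missing", f"{owner}/{repo} does not exist"


def scan(files: dict[str, str], view: GitHubView) -> list[Finding]:
    """Extract every GitHub reference from each file and classify it once."""
    findings = []
    for path, text in files.items():
        seen = set()
        for m in GITHUB_REF.finditer(text):
            key = (m["owner"], m["repo"])
            if key in seen:
                continue
            seen.add(key)
            status, note = classify(key[0], key[1], view)
            findings.append(Finding(path, key[0], key[1], status, note))
    return findings


def hijackable(findings: list[Finding]) -> list[Finding]:
    return [f for f in findings if f.status == "hijackable"]


# Constructed sample project files.
SAMPLE_FILES = {
    "Dockerfile": "FROM alpine:3.19\n"
                  "RUN git clone https://github.com/oldcorp/build-tools.git /opt/bt\n",
    "go.mod": "module example.com/app\n\nrequire github.com/acme/libfoo v1.4.0\n",
    "install.sh": "curl -sSL https://raw.githubusercontent.com/jdoe/cli/main/install.sh | sh\n",
    ".gitmodules": '[submodule "vendor/x"]\n\turl = git@github.com:ghost-org/x.git\n',
}

# Constructed GitHub state: oldcorp renamed to newcorp and let "oldcorp"
# lapse; jdoe renamed to jane-doe but "jdoe" is still registered by someone;
# ghost-org deleted everything and the name is free.
SAMPLE_VIEW = GitHubView(
    repos=frozenset({("acme", "libfoo"), ("newcorp", "build-tools"), ("jane-doe", "cli")}),
    redirects={("oldcorp", "build-tools"): ("newcorp", "build-tools"),
               ("jdoe", "cli"): ("jane-doe", "cli")},
    users=frozenset({"acme", "newcorp", "jane-doe", "jdoe"}),
)

if __name__ == "__main__":
    for f in scan(SAMPLE_FILES, SAMPLE_VIEW):
        print(f"{f.status:<10} {f.file:<12} {f.owner}/{f.repo}  {f.note}")
```

Treat `hijackable` findings as urgent: pin the reference to the new owner/repository (or vendor the code) before anyone registers the free name. `redirect` findings still work today but depend on a name you may not control, so update them as well; `ok` means the path resolves directly with no redirect involved.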

This study highlights the importance of routinely checking repositories for weaknesses of this kind and putting controls in place to minimise the risk. With more and more companies relying on GitHub to manage their code, prioritising security and adopting proactive measures against such attacks is imperative.

by Danilo Venom
