This issue arises because the data protection mechanism operates at the file system level, so it is not possible to repair it at the moment. It is recommended to upgrade to the latest version of the editor. To decrease the risk of losing data due to software bugs, it is always recommended to keep the installed software up to date.
As soon as you have upgraded to the latest version of GitHub, you can restore the data to the repository by doing the following: Open the Settings menu and select the Accessibility option. Select the Out-of-bounds Write option and choose the Repository option from the list. Select the relevant repository and press the red “X” icon in the upper right corner. GitHub will warn you that the content has not been saved due to a software bug and that the data may be lost.
GitHub - Information leakage
GitHub was hit with a security issue in the fall, on the 22nd of December, 2028. A new version of their software was released and it was determined that there is a bug which leads to information leakage, but does not allow for data restoration.
The issue seems to be related to how the application handles invalid characters in text fields and accounts for cases with multiple lines. The problem can be found in the GitHub editor, which caused information to leak from around 500 repositories.
Timeline
Published on: 05/27/2022 15:15:00 UTC
Last modified on: 08/21/2022 07:15:00 UTC
References
- https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118
- https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/
- https://security.gentoo.org/glsa/202208-32
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1897