VDB

GCVE-110-CLOUD-2024-0009

GCVE-110-CLOUD-2024-0009
Advisory Published
Vulnetix · Advisory published November 1, 2024
A technique called "repo swatting" allows attackers to delete GitHub and block GitLab accounts by exploiting file upload features and abuse reporting mechanisms. Attackers upload malicious files to a target's repository, then report the account for hosting malicious content, potentially resulting in account deletion. The vulnerability was partially mitigated by October 2024 via changes in upload URL paths and requirement for each uploader to be authenticated (in GitHub).

Affected Products

VendorProductVersionsPlatforms
GitHubCloud Services
GitLabCloud Services

References

advisory
advisory

Browse GCVE Records

73,866 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›