Skip to content
The Nexus
SECURITYJul 8 · 11:51 UTCTHE HACKER NEWS[email protected] (The Hacker News)

GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures

Research reveals that GitHub's 'Verified' commits can be altered to create new hashes with identical files, author, and date while maintaining valid signatures. This undermines the assumption that a commit's hash is unique, as GitHub still verifies the altered commit despite the hash change.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this
Related Signal

Adjacent reporting