HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ph3t

no profile record

comments

ph3t
·पिछला वर्ष·discuss
Any application that does cross-device authentication is vulnerable to QRLJacking (this type of vulnerability) to some extent, the same way any application with username/password authentication is vulnerable to phishing.
ph3t
·पिछला वर्ष·discuss
GitHub’s dependency graph is supposed to give us this kind of visibility without any custom scripting, but from my experience it’s pretty spotty and often misses dependencies entirely.

Also, the script from the article doesn’t cover transitive GitHub Actions dependencies. So if a third-party action you’re using relies on a vulnerable action internally, it won’t catch that.