CVE-2023-23764

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions 3.7.0 through 3.7.8 GitHub Enterprise Server versions 3.8.0 through 3.8.1 GitHub Enterprise Server versions 3.9.0

Description An incorrect comparison issue was identified that allowed commit smuggling, displaying an incorrect diff within the GitHub pull request UI. An attacker would need write access to the repository to exploit this. The issue was reported via the GitHub Bug Bounty program.

Recommendations For GitHub Enterprise Server versions 3.7.0 through 3.7.8, update to version 3.7.9. For GitHub Enterprise Server versions 3.8.0 through 3.8.1, update to version 3.8.2. For GitHub Enterprise Server version 3.9.0, update to version 3.9.1.