Tom Preston-Werner

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise versions prior to 20120304 **Description** The issue allows remote attackers to set the `public key[user id]` value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability. This occurs because the software does not properly restrict the use of a hash to provide values for a model's attributes. **Recommendations** For GitHub Enterprise versions prior to 20120304, update to a version 20120304 or later to resolve the issue. As a temporary workaround, consider restricting access to the public-key update form to minimize the risk of exploitation. Avoid using the `public key[user id]` value in the affected form until the issue is resolved.