A CFOR vulnerability occurs when a fork of a GitHub repository can access sensitive data from another fork.
Every single commit saved on GitHub's database servers has its own hash.
How can this be a security issue?

GitHub responded to CFOR claims by Truffle Security, stating that this is the intended, documented behavior of the development platform.
Truffle isn’t convinced, noting that the service should implement new measures to avoid CFOR.
Other git-based platforms such as Bitbucket and GitLab are likely affected by the same issue, the researchers said.