This is a bit of a clickbait, sorry. It is not a vulnerability in Github, but simply <link rel="prerender" href="..."> that loads the page in a hidden tab and instantly loads it when you're about to click.
You can do same to any 1-click dialog. After you approved, consider yourself pwned - few seconds is enough to steal all your private repos.
1 comment
[ 0.22 ms ] story [ 14.5 ms ] threadYou can do same to any 1-click dialog. After you approved, consider yourself pwned - few seconds is enough to steal all your private repos.