1 comment

[ 0.22 ms ] story [ 14.5 ms ] thread
This is a bit of a clickbait, sorry. It is not a vulnerability in Github, but simply <link rel="prerender" href="..."> that loads the page in a hidden tab and instantly loads it when you're about to click.

You can do same to any 1-click dialog. After you approved, consider yourself pwned - few seconds is enough to steal all your private repos.