A critical remote code execution (RCE) vulnerability in GitHub has been disclosed that could allow attackers to run arbitrary code on GitHub.com and on GitHub Enterprise Server. The bug, found by Wiz researchers, lies in GitHub's server-side handling of "git push" operations: an authenticated user could craft malicious input inside an otherwise standard push and have GitHub's backend Git processing pipeline execute arbitrary commands. GitHub has since patched the vulnerability and acknowledged its severity, with its CISO describing the finding as high-caliber and serious. Before the fix, millions of repositories could have been exposed, which underlines the importance of prompt patching and disciplined vulnerability management. The finding matters to practitioners because it shows that critical shared infrastructure such as GitHub, on which most software development depends, needs robust security controls to withstand exploitation [1].
Critical GitHub RCE bug exposed millions of repositories
⚠️ Critical Alert
Why This Matters
A critical RCE vulnerability in GitHub's server-side handling of "git push" could let any authenticated user run arbitrary code on GitHub.com and GitHub Enterprise Server, putting the integrity of millions of repositories at risk. GitHub has fixed its own platform, but GitHub Enterprise Server is self-hosted, so those deployments only receive the fix once their administrators upgrade.
References
- [1] CSO Online. (2026, April 29). Critical GitHub RCE bug exposed millions of repositories. https://www.csoonline.com/article/4164925/critical-github-rce-bug-exposed-millions-of-repositories.html