The GitHub situation just got worse...

Wiz Research discovered a critical vulnerability in GitHub by exploiting a lack of input sanitization in Babeld, GitHub's SSH routing component. By injecting semicolons into git push options, attackers could smuggle arbitrary data outside the trusted Xstat HTTP header, effectively overwriting privileged server-side flags. Combined with a path traversal in pre-receive hooks and a flag to enable enterprise mode, this chain allowed arbitrary remote code execution as the git user — granting read access to all repositories on the affected server, bypassing private repo protections entirely. GitHub fixed the RCE within hours of Wiz's March 4th disclosure. The root cause was classic unsanitized input propagated across trust boundaries, unrelated to memory safety issues like those Rust addresses.