Tell HN: Publicly editable GitHub wikis can be abused to distribute malware

1 point

3 years ago

It's only a matter of time until someone abuses a publicly editable wiki. For example, as someone noticed on Reddit[1], a link to Git for Windows on Vundle's wiki was replaced with a link to malware:

https://github.com/VundleVim/Vundle.vim/wiki/Vundle-for-Windows/_compare/3aeb22ac39229af4312f2be1052ead184dd5b54d...aa3d293dd18ae1cb4f049c43b73b951651515863

In fact, most of the recent edits (made by many different accounts) were malicious:

https://github.com/VundleVim/Vundle.vim/wiki/Vundle-for-Windows/_history

I recommend restricting editing in your GitHub wikis to collaborators only.

[1] - https://www.reddit.com/r/vim/comments/zzcn10/vimorg_autosave_vundle_plugin_windows_installer/