> Responsible Disclosure GitLost was responsibly disclosed to GitHub. Vulnerability details are shared here with their knowledge.
Why does this section not have when it was fixed or GitHub acknowledge/rejected this?
Did they not fix this?
Fix what? They setup LLM with access to private data and ability to read public comments. That's simply misconfiguration.
Actually op, can you clarify if you did this with the below setting on? There is a literal setting to stop this so I'm curious if this was created because of this report or if this is just negligence from the reporter to not add this as a comment.
https://github.github.com/gh-aw/reference/cross-repository/#...
This isn’t a normal software bug, it’s not fixable in the same way you can’t fix regular support staff from being tricked.
The answer is you should not allow LLMs access to untrusted input and sensitive data at the same time.