Researchers Uncover Git Hash Chain Malleability in Signed Commits
New research shows signed Git commit hashes can be altered while keeping a valid signature and GitHub's Verified badge, undermining commit integrity assumptions.
gitcryptographysupply-chain-securityecdsa