GitHub RCE flaw shakes git pipeline

This is the kind of bug that should make every platform team uncomfortable: the attack surface was not an app endpoint, but the invisible plumbing behind `git push`.

• –A single crafted push option could cross a trust boundary and turn user input into backend command execution.
• –The impact is asymmetric: GitHub.com was patched by GitHub, but GHES customers still carry the operational risk and need to upgrade fast.
• –Wiz’s use of AI-augmented reverse engineering is the interesting meta-story here: closed-source infrastructure is getting easier to audit offensively.
• –For defenders, the practical takeaway is to treat push-access users as high-value trust points and review audit logs for suspicious push-option activity.