{"id":18992,"date":"2025-04-07T11:14:03","date_gmt":"2025-04-07T11:14:03","guid":{"rendered":""},"modified":"2025-10-22T01:49:25","modified_gmt":"2025-10-22T07:49:25","slug":"cve-2023-6528-remote-code-execution-vulnerability-in-github-desktop-and-atom-via-git-lfs-hooks","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2023-6528-remote-code-execution-vulnerability-in-github-desktop-and-atom-via-git-lfs-hooks\/","title":{"rendered":"CVE-2023-6528: Remote Code Execution Vulnerability in GitHub Desktop and Atom via Git LFS Hooks"},"content":{"rendered":"<h2 class=\"\" data-start=\"263\" data-end=\"274\">Overview<\/h2>\n<p class=\"\" data-start=\"276\" data-end=\"795\"><strong data-start=\"276\" data-end=\"293\">CVE-2023-6528<\/strong> is a critical security vulnerability discovered in GitHub Desktop and Atom when used in combination with Git Large File Storage (Git LFS). This flaw allows remote attackers to execute arbitrary code on a user\u2019s system by distributing malicious repositories.<br data-start=\"551\" data-end=\"554\" \/>Given the popularity of GitHub Desktop in both open-source and enterprise environments, the potential for abuse is high\u2014particularly in supply chain attacks where developers are tricked into cloning and working with compromised repositories.<\/p>\n<p class=\"\" data-start=\"797\" data-end=\"978\">Understanding the risk and implementing mitigation measures for CVE-2023-6528 is essential for all developers and organizations relying on GitHub Desktop or Atom in their workflows.<\/p>\n<h2 class=\"\" data-start=\"985\" data-end=\"1009\">Vulnerability Summary<\/h2>\n<div class=\"group pointer-events-none relative flex justify-center *:pointer-events-auto\"><button class=\"hover:bg-token-main-surface-secondary text-token-text-secondary pointer-events-auto rounded-lg px-1 py-1 opacity-0 transition-opacity duration-200 group-focus-within:opacity-100 group-hover:opacity-100\"><\/button><\/p>\n<div class=\"tableContainer horzScrollShadows relative\">\n<table class=\"min-w-full\" data-start=\"1011\" data-end=\"1586\">\n<thead data-start=\"1011\" data-end=\"1082\">\n<tr data-start=\"1011\" data-end=\"1082\">\n<th data-start=\"1011\" data-end=\"1036\">Field<\/th>\n<th data-start=\"1036\" data-end=\"1082\">Detail<\/th>\n<\/tr>\n<\/thead>\n<tbody data-start=\"1155\" data-end=\"1586\">\n<tr data-start=\"1155\" data-end=\"1226\">\n<td class=\"max-w-[calc(var(--thread-content-max-width)*2\/3)]\" data-start=\"1155\" data-end=\"1180\"><strong data-start=\"1157\" data-end=\"1167\">CVE ID<\/strong><\/td>\n<td class=\"max-w-[calc(var(--thread-content-max-width)*2\/3)]\" data-start=\"1180\" data-end=\"1226\">CVE-2023-6528<\/td>\n<\/tr>\n<tr data-start=\"1227\" data-end=\"1298\">\n<td class=\"max-w-[calc(var(--thread-content-max-width)*2\/3)]\" data-start=\"1227\" data-end=\"1252\"><strong data-start=\"1229\" data-end=\"1241\">Severity<\/strong><\/td>\n<td class=\"max-w-[calc(var(--thread-content-max-width)*2\/3)]\" data-start=\"1252\" data-end=\"1298\">Critical (CVSS Score: 9.8)<\/td>\n<\/tr>\n<tr data-start=\"1299\" data-end=\"1370\">\n<td class=\"max-w-[calc(var(--thread-content-max-width)*2\/3)]\" data-start=\"1299\" data-end=\"1324\"><strong data-start=\"1301\" data-end=\"1318\">Attack Vector<\/strong><\/td>\n<td class=\"max-w-[calc(var(--thread-content-max-width)*2\/3)]\" data-start=\"1324\" data-end=\"1370\">Remote<\/td>\n<\/tr>\n<tr data-start=\"1371\" data-end=\"1442\">\n<td class=\"max-w-[calc(var(--thread-content-max-width)*2\/3)]\" data-start=\"1371\" data-end=\"1396\"><strong data-start=\"1373\" data-end=\"1396\">Privileges Required<\/strong><\/td>\n<td class=\"max-w-[calc(var(--thread-content-max-width)*2\/3)]\" data-start=\"1396\" data-end=\"1442\">None<\/td>\n<\/tr>\n<tr data-start=\"1443\" data-end=\"1514\">\n<td class=\"max-w-[calc(var(--thread-content-max-width)*2\/3)]\" data-start=\"1443\" data-end=\"1468\"><strong data-start=\"1445\" data-end=\"1465\">User Interaction<\/strong><\/td>\n<td class=\"max-w-[calc(var(--thread-content-max-width)*2\/3)] min-w-[calc(var(--thread-content-max-width)\/3)]\" data-start=\"1468\" data-end=\"1514\">Required (cloning or interacting with repo)<\/td>\n<\/tr>\n<tr data-start=\"1515\" data-end=\"1586\">\n<td class=\"max-w-[calc(var(--thread-content-max-width)*2\/3)]\" data-start=\"1515\" data-end=\"1540\"><strong data-start=\"1517\" data-end=\"1527\">Impact<\/strong><\/td>\n<td class=\"max-w-[calc(var(--thread-content-max-width)*2\/3)]\" data-start=\"1540\" data-end=\"1586\"><a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-45199-remote-code-execution-vulnerability-in-insightsoftware-hive-jdbc\/\"  data-wpil-monitor-id=\"29915\">Remote Code Execution<\/a> (RCE)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<h2 class=\"\" data-start=\"1593\" data-end=\"1613\">Affected Products<\/h2>\n<div class=\"group pointer-events-none relative flex justify-center *:pointer-events-auto\"><button class=\"hover:bg-token-main-surface-secondary text-token-text-secondary pointer-events-auto rounded-lg px-1 py-1 opacity-0 transition-opacity duration-200 group-focus-within:opacity-100 group-hover:opacity-100\"><\/button><\/p>\n<div class=\"tableContainer horzScrollShadows relative\">\n<table class=\"min-w-full\" data-start=\"1615\" data-end=\"1866\">\n<thead data-start=\"1615\" data-end=\"1677\">\n<tr data-start=\"1615\" data-end=\"1677\">\n<th data-start=\"1615\" data-end=\"1633\">Product<\/th>\n<th data-start=\"1633\" data-end=\"1677\">Affected Versions<\/th>\n<\/tr>\n<\/thead>\n<tbody data-start=\"1741\" data-end=\"1866\">\n<tr data-start=\"1741\" data-end=\"1803\">\n<td class=\"max-w-[calc(var(--thread-content-max-width)*2\/3)]\" data-start=\"1741\" data-end=\"1759\">GitHub Desktop<\/td>\n<td class=\"max-w-[calc(var(--thread-content-max-width)*2\/3)]\" data-start=\"1759\" data-end=\"1803\">&lt; 3.3.4 (<a class=\"wpil_keyword_link\" href=\"https:\/\/apps.apple.com\/us\/app\/ameeba-chat\/id1670582506\"   title=\"macOS\" data-wpil-keyword-link=\"linked\"  data-wpil-monitor-id=\"29341\">macOS<\/a>), &lt; 3.3.6 (Windows)<\/td>\n<\/tr>\n<tr data-start=\"1804\" data-end=\"1866\">\n<td class=\"max-w-[calc(var(--thread-content-max-width)*2\/3)]\" data-start=\"1804\" data-end=\"1822\">Atom Editor<\/td>\n<td class=\"max-w-[calc(var(--thread-content-max-width)*2\/3)]\" data-start=\"1822\" data-end=\"1866\">All versions (with GitHub + <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-58158-harness-open-source-git-lfs-server-vulnerability\/\"  data-wpil-monitor-id=\"85505\">Git LFS<\/a>)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<hr class=\"\" data-start=\"1868\" data-end=\"1871\" \/>\n<h2 class=\"\" data-start=\"1873\" data-end=\"1897\">How the Exploit Works<\/h2>\n<p class=\"\" data-start=\"1899\" data-end=\"2327\">This <a class=\"wpil_keyword_link\" href=\"https:\/\/ameeba.com\"   title=\"vulnerability\" data-wpil-keyword-link=\"linked\"  data-wpil-monitor-id=\"29340\">vulnerability<\/a> is caused by insecure handling of Git LFS configuration and Git hooks during repository cloning or checkout.<br data-start=\"2026\" data-end=\"2029\" \/>Specifically, attackers can <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-24189-memory-corruption-vulnerability-due-to-maliciously-crafted-web-content-in-various-operating-systems\/\"  data-wpil-monitor-id=\"59010\">craft repositories that embed malicious<\/a> <code class=\"\" data-line=\"\">post-checkout<\/code> or <code class=\"\" data-line=\"\">post-merge<\/code> hooks within <code class=\"\" data-line=\"\">.gitattributes<\/code> and <code class=\"\" data-line=\"\">.git\/hooks<\/code>. When these repositories are cloned or opened using GitHub Desktop or Atom, the malicious <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-41788-critical-code-execution-vulnerability-in-sentron-7kt-pac1260-data-manager\/\"  data-wpil-monitor-id=\"30685\">code can be automatically executed<\/a> without alerting the user.<\/p>\n<p class=\"\" data-start=\"2329\" data-end=\"2364\">This creates a powerful vector for:<\/p>\n<ul data-start=\"2366\" data-end=\"2488\">\n<li class=\"\" data-start=\"2366\" data-end=\"2399\">\n<p class=\"\" data-start=\"2368\" data-end=\"2399\">Installing backdoors or spyware<\/p>\n<\/li>\n<li class=\"\" data-start=\"2400\" data-end=\"2445\">\n<p class=\"\" data-start=\"2402\" data-end=\"2445\">Exfiltrating <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-42933-vulnerability-exposing-sensitive-credentials-in-sap-business-one-native-client\/\"  data-wpil-monitor-id=\"88970\">sensitive files or credentials<\/a><\/p>\n<\/li>\n<li class=\"\" data-start=\"2446\" data-end=\"2488\">\n<p class=\"\" data-start=\"2448\" data-end=\"2488\">Taking <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-43564-improper-access-control-vulnerability-in-coldfusion-leading-to-arbitrary-file-system-read\/\"  data-wpil-monitor-id=\"49407\">control of the developer\u2019s system<\/a><\/p>\n<\/li>\n<\/ul>\n<p class=\"\" data-start=\"2490\" data-end=\"2693\">The attack is possible because Git LFS was executing hooks embedded in repositories without sufficient validation or <a class=\"wpil_keyword_link\" href=\"https:\/\/www.ameeba.com\"   title=\"sandboxing\" data-wpil-keyword-link=\"linked\"  data-wpil-monitor-id=\"29339\">sandboxing<\/a>, thereby allowing arbitrary script execution in a user\u2019s local environment.<\/p><div id=\"ameeb-2514374182\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<h2 class=\"\" data-start=\"2700\" data-end=\"2721\">Conceptual Example<\/h2>\n<p class=\"\" data-start=\"2723\" data-end=\"2807\">Below is a simplified conceptual illustration of how this attack may be carried out:<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary\">\n<div class=\"flex items-center text-token-text-secondary px-4 py-2 text-xs font-sans justify-between h-9 bg-token-sidebar-surface-primary dark:bg-token-main-surface-secondary select-none rounded-t-[5px]\">sql<\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"\" data-line=\"\">Repository Structure:<br \/>\n.git&lt;span class=&quot;hljs-operator&quot;&gt;\/&lt;\/span&gt;hooks&lt;span class=&quot;hljs-operator&quot;&gt;\/&lt;\/span&gt;post&lt;span class=&quot;hljs-operator&quot;&gt;-&lt;\/span&gt;checkout \u2192 &lt;span class=&quot;hljs-keyword&quot;&gt;Contains&lt;\/span&gt; malicious shell script<\/p>\n<p>.gitattributes:<br \/>\n&lt;span class=&quot;hljs-operator&quot;&gt;*&lt;\/span&gt;.bin &lt;span class=&quot;hljs-keyword&quot;&gt;filter&lt;\/span&gt;&lt;span class=&quot;hljs-operator&quot;&gt;=&lt;\/span&gt;lfs diff&lt;span class=&quot;hljs-operator&quot;&gt;=&lt;\/span&gt;lfs &lt;span class=&quot;hljs-keyword&quot;&gt;merge&lt;\/span&gt;&lt;span class=&quot;hljs-operator&quot;&gt;=&lt;\/span&gt;lfs &lt;span class=&quot;hljs-operator&quot;&gt;-&lt;\/span&gt;text<br \/>\n<\/code><\/div>\n<\/div>\n<p class=\"\" data-start=\"2958\" data-end=\"3127\">When a developer clones this repository and checks out a branch using GitHub Desktop, the <code class=\"\" data-line=\"\">post-checkout<\/code> hook is silently executed, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-0576-critical-vulnerability-in-totolink-lr1200gb-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"29916\">potentially compromising the system<\/a>.<\/p>\n<h2 class=\"\" data-start=\"3134\" data-end=\"3167\">Recommendations for Mitigation<\/h2>\n<p class=\"\" data-start=\"3169\" data-end=\"3260\">To mitigate CVE-2023-6528, users and organizations are advised to take the following steps:<\/p>\n<ul data-start=\"3262\" data-end=\"4025\">\n<li class=\"\" data-start=\"3262\" data-end=\"3394\">\n<p class=\"\" data-start=\"3264\" data-end=\"3292\"><strong data-start=\"3264\" data-end=\"3290\">Upgrade GitHub Desktop<\/strong><\/p>\n<ul data-start=\"3295\" data-end=\"3394\">\n<li class=\"\" data-start=\"3295\" data-end=\"3344\">\n<p class=\"\" data-start=\"3297\" data-end=\"3344\">Windows: Update to version <strong data-start=\"3324\" data-end=\"3333\">3.3.6<\/strong> or later<\/p>\n<\/li>\n<li class=\"\" data-start=\"3347\" data-end=\"3394\">\n<p class=\"\" data-start=\"3349\" data-end=\"3394\">macOS: Update to version <strong data-start=\"3374\" data-end=\"3383\">3.3.4<\/strong> or later<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li class=\"\" data-start=\"3395\" data-end=\"3533\">\n<p class=\"\" data-start=\"3397\" data-end=\"3533\"><strong data-start=\"3397\" data-end=\"3415\">Deprecate Atom<\/strong><br data-start=\"3415\" data-end=\"3418\" \/>Atom is no longer actively maintained and should be replaced with a supported editor, such as <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-20656-visual-studio-elevation-of-privilege-vulnerability\/\"  data-wpil-monitor-id=\"47193\">Visual Studio<\/a> Code.<\/p>\n<\/li>\n<li class=\"\" data-start=\"3534\" data-end=\"3697\">\n<p class=\"\" data-start=\"3536\" data-end=\"3697\"><strong data-start=\"3536\" data-end=\"3576\">Avoid Cloning Untrusted Repositories<\/strong><br data-start=\"3576\" data-end=\"3579\" \/>Only work with repositories from known sources. Always inspect <code class=\"\" data-line=\"\">.gitattributes<\/code> and <code class=\"\" data-line=\"\">.git\/hooks<\/code> manually if unsure.<\/p>\n<\/li>\n<li class=\"\" data-start=\"3698\" data-end=\"3870\">\n<p class=\"\" data-start=\"3700\" data-end=\"3870\"><strong data-start=\"3700\" data-end=\"3745\">Disable Git Hooks Execution (if possible)<\/strong><br data-start=\"3745\" data-end=\"3748\" \/>Configure your Git environment to avoid automatic hook execution, or monitor scripts with a sandbox or AppArmor profile.<\/p>\n<\/li>\n<li class=\"\" data-start=\"3871\" data-end=\"4025\">\n<p class=\"\" data-start=\"3873\" data-end=\"4025\"><strong data-start=\"3873\" data-end=\"3905\">Use Endpoint Detection Tools<\/strong><br data-start=\"3905\" data-end=\"3908\" \/><a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-21460-memory-corruption-vulnerability-in-guest-vm-buffer-processing-leading-to-system-compromise\/\"  data-wpil-monitor-id=\"59009\">Systems should be monitored for suspicious process<\/a> activity originating from Git binaries or developer directories.<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"\" data-start=\"4032\" data-end=\"4056\">Timeline and Response<\/h2>\n<ul data-start=\"4058\" data-end=\"4237\">\n<li class=\"\" data-start=\"4058\" data-end=\"4089\">\n<p class=\"\" data-start=\"4060\" data-end=\"4089\"><strong data-start=\"4060\" data-end=\"4072\">Reported<\/strong>: November 2023<\/p>\n<\/li>\n<li class=\"\" data-start=\"4090\" data-end=\"4130\">\n<p class=\"\" data-start=\"4092\" data-end=\"4130\"><strong data-start=\"4092\" data-end=\"4113\">Patched by GitHub<\/strong>: December 2023<\/p>\n<\/li>\n<li class=\"\" data-start=\"4131\" data-end=\"4237\">\n<p class=\"\" data-start=\"4133\" data-end=\"4237\"><strong data-start=\"4133\" data-end=\"4161\">Exploitation in the Wild<\/strong>: No confirmed reports as of the publication date, but the risk remains high<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"\" data-start=\"4244\" data-end=\"4263\">Closing Thoughts<\/h2>\n<p class=\"\" data-start=\"4265\" data-end=\"4566\">CVE-2023-6528 illustrates how even developer tools can become attack surfaces\u2014particularly when <a class=\"wpil_keyword_link\" href=\"https:\/\/www.ameeba.com\/chat\"   title=\"security\" data-wpil-keyword-link=\"linked\"  data-wpil-monitor-id=\"90992\">security<\/a> assumptions are made around common operations like cloning a repo. Developers are encouraged to remain vigilant, enforce strict policies for third-party code, and keep their toolchains up to date.<\/p>\n<p class=\"\" data-start=\"4568\" data-end=\"4723\">This <\/strong><a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-22655-sql-injection-vulnerability-in-caio-web-dev-cwd-stealth-links\/\"  data-wpil-monitor-id=\"37702\">vulnerability underscores the importance of <strong data-start=\"4617\" data-end=\"4648\">secure-by-default practices in dev<\/a> tooling and the need for continuous auditing of build environments.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview CVE-2023-6528 is a critical security vulnerability discovered in GitHub Desktop and Atom when used in combination with Git Large File Storage (Git LFS). This flaw allows remote attackers to execute arbitrary code on a user\u2019s system by distributing malicious repositories.Given the popularity of GitHub Desktop in both open-source and enterprise environments, the potential for [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[77,79,82],"product":[],"attack_vector":[80],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-18992","post","type-post","status-publish","format-standard","hentry","category-uncategorized","vendor-apple","vendor-github","vendor-microsoft","attack_vector-rce"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/18992","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=18992"}],"version-history":[{"count":23,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/18992\/revisions"}],"predecessor-version":[{"id":83950,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/18992\/revisions\/83950"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=18992"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=18992"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=18992"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=18992"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=18992"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=18992"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=18992"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=18992"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=18992"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}