An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ .
https://docs.github.com/en/[email protected]/admin/release-notes#3.9.1
https://docs.github.com/en/[email protected]/admin/release-notes#3.8.9
https://docs.github.com/en/[email protected]/admin/release-notes#3.7.13
https://docs.github.com/en/[email protected]/admin/release-notes#3.6.16