{"id":3674,"date":"2024-01-23T05:25:31","date_gmt":"2024-01-23T05:25:31","guid":{"rendered":"https:\/\/signmycode.com\/blog\/?p=3674"},"modified":"2024-01-23T05:25:32","modified_gmt":"2024-01-23T05:25:32","slug":"new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner","status":"publish","type":"post","link":"https:\/\/signmycode.com\/blog\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner","title":{"rendered":"Researchers Demo New CI\/CD Attack in PyTorch Supply-Chain that Exploiting GitHub Self-Hosted Action Runner"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">The new guidelines to secure GitHub repositories are being followed by every enterprise. These new protocols were circulated after discovering a vulnerable loophole in the self-hosted action runner in August 2023.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To know more about the vulnerability, how and who discovered it, and its mitigation, read further.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Must To Understand Attack Prerequisites<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Before you learn about the exact vulnerability and its exploitation, it\u2019s necessary to gain an overview of one of the crucial terms: GitHub Self-Hosted Action Runner.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">On the GitHub platform, multiple pre-configured runners are available for Windows, macOS, and Linux operating systems. Organizations can utilize these runners to commit, manage, and deploy their code to the production ecosystem.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Further, one of the runners on GitHub is a self-hosted runner. It allows enterprises to connect the GitHub repository with their on-premises infrastructure. It aids them to run multiple operating systems simultaneously and utilize additional software and hardware as required.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Primary Highlights of GitHub Self-Hosted Action Runner Exploitation<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The GitHub vulnerability announced in December 2023 was the result of research concluded in August 2023 by two security researchers \u2013 <a href=\"https:\/\/adnanthekhan.com\/2023\/12\/20\/one-supply-chain-attack-to-rule-them-all\/\">Adnan Khan<\/a> and <a href=\"https:\/\/johnstawinski.com\/2024\/01\/11\/playing-with-fire-how-we-executed-a-critical-supply-chain-attack-on-pytorch\/\">John Stawinski<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">During the research, it was discovered that GitHub self-hosted runners are vulnerable, and their unauthorized access can be effortlessly gained. With only a fork pull request, an attacker can gain access, execute arbitrary code and workflows, and retain its presence in the internal repositories.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>While both Khan and Stawinski were drilling down the vulnerability, their victim list increased to the following repositories:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Microsoft Deepspeed<\/li>\n\n\n\n<li>TensorFlow<\/li>\n\n\n\n<li>PyTorch<\/li>\n\n\n\n<li>Cloudflare application<\/li>\n\n\n\n<li>Crypto Wallets<\/li>\n\n\n\n<li>Blockchain nodes<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Above all, PyTorch repository exploitation made this research popular, as it&#8217;s the most used machine learning algorithm.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The researchers submitted a fork pull request to the PyTorch repository, and they were added to the contributors list. It led them to access other workflows inside the repo and perform actions of their choice. In addition, admin credentials, AWS secrets, and security tokens were breached while analyzing the exploit.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Furthermore, the vulnerability was so easy to exploit that researchers only corrected a typo and submitted the pull request. Following this, the request was approved, and the privilege to execute malicious code was automatically handed over. Also, they were able to execute GitHub PATs, modify branch paths, and upload malicious releases to production.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">However, there\u2019s a twist to exploiting this self-hosted runner vulnerability. The attacker\u2019s pull request must be approved once so that while performing the attack, they don&#8217;t get detected as first-time contributors.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Final Result of the Research<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The final conclusion of the research is as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The settings of fork pull requests being committed without approval make the repositories vulnerable.<\/li>\n\n\n\n<li>Once exploited, confidential data inside the repository can be accessed by a contributor.<\/li>\n\n\n\n<li>If weak security mechanisms are implemented, attackers can gain entry into on-premises infrastructure.<\/li>\n\n\n\n<li>An attacker can use the vulnerable loophole to add <a href=\"https:\/\/signmycode.com\/blog\/what-is-a-malicious-code-how-can-an-organization-protect-against-malicious-code\">malicious code<\/a> in the final source code repo. It will lead the customer base to be a victim of a malware attack.<\/li>\n\n\n\n<li>Immediate action is required by enterprises to patch the vulnerability.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">What Happened After Reporting the Vulnerability?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">After conducting research and performing all significant <a href=\"https:\/\/johnstawinski.com\/2024\/01\/11\/playing-with-fire-how-we-executed-a-critical-supply-chain-attack-on-pytorch\/\">exploitation methods<\/a>, Khan and Stawinski reported the issue to GitHub and all other repository owners. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">They mirrored the procedures and modified the pull request approval settings to mitigate the attacks. Also, GitHub published new guidelines for companies using the same settings as PyTorch to help them prevent CI\/CD attacks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Moreover, after the report was validated, researchers got a bounty of $20,000 and $5,000 from GitHub and Meta AI (PyTorch developer company), respectively.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Concluding Up: What You Should Execute Next?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To safeguard your GitHub repos and associated on-premises infrastructure, you should modify the pull request settings from \u201cRequire approval for first-time contributors\u201d to \u201cRequire approval for all outside collaborators.\u201d<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"610\" height=\"213\" src=\"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2024\/01\/require-approval-for-all-outside-collabrators.png\" alt=\"GitHub Repos Require Approval\" class=\"wp-image-3676\" srcset=\"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2024\/01\/require-approval-for-all-outside-collabrators.png 610w, https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2024\/01\/require-approval-for-all-outside-collabrators-300x105.png 300w\" sizes=\"auto, (max-width: 610px) 100vw, 610px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">In addition, you must check the content of every pull request and the contributor&#8217;s history and authenticity before approval. As a result, the chances of suffering a cyber-attack and compromising the software supply chain will be reduced.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The new guidelines to secure GitHub repositories are being followed by every enterprise. These new protocols were circulated after discovering a vulnerable loophole in the self-hosted action runner in August 2023. To know more about the vulnerability, how and who discovered it, and its mitigation, read further. Must To Understand Attack Prerequisites Before you learn&hellip; <a class=\"more-link\" href=\"https:\/\/signmycode.com\/blog\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner\">Read More <span class=\"screen-reader-text\">Researchers Demo New CI\/CD Attack in PyTorch Supply-Chain that Exploiting GitHub Self-Hosted Action Runner<\/span><\/a> <\/p>\n","protected":false},"author":1,"featured_media":3682,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[457,641],"tags":[665,668,666,667],"class_list":["post-3674","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-developers-guide","category-windows-security","tag-new-class-of-ci-cd-attack","tag-pytorch-supply-chain","tag-self-hosted-github-actions-runners","tag-supply-chain-attack","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.6 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>New CI\/CD Attacks, Exploiting GitHub Self-Hosted Action Runner<\/title>\n<meta name=\"description\" content=\"Researchers demo new CI\/CD attack techniques in PyTorch supply-chain to Rule Them All \u2013 Poisoning GitHub\u2019s Runner Images!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/signmycode.com\/blog\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Researchers Demo New CI\/CD Attack in PyTorch Supply-Chain that Exploiting GitHub Self-Hosted Action Runner\" \/>\n<meta property=\"og:description\" content=\"Researchers demo new CI\/CD attack techniques in PyTorch supply-chain to Rule Them All \u2013 Poisoning GitHub\u2019s Runner Images!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/signmycode.com\/blog\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner\" \/>\n<meta property=\"og:site_name\" content=\"SignMyCode - Blog\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-23T05:25:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-23T05:25:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2024\/01\/new-cicd-attacks-exploiting-github-self-hosted-action-runner-jpg.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"912\" \/>\n\t<meta property=\"og:image:height\" content=\"453\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Janki Mehta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Janki Mehta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner\",\"name\":\"New CI\\\/CD Attacks, Exploiting GitHub Self-Hosted Action Runner\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/new-cicd-attacks-exploiting-github-self-hosted-action-runner-jpg.webp\",\"datePublished\":\"2024-01-23T05:25:31+00:00\",\"dateModified\":\"2024-01-23T05:25:32+00:00\",\"description\":\"Researchers demo new CI\\\/CD attack techniques in PyTorch supply-chain to Rule Them All \u2013 Poisoning GitHub\u2019s Runner Images!\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/signmycode.com\\\/blog\\\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner#primaryimage\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/new-cicd-attacks-exploiting-github-self-hosted-action-runner-jpg.webp\",\"contentUrl\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/new-cicd-attacks-exploiting-github-self-hosted-action-runner-jpg.webp\",\"width\":912,\"height\":453,\"caption\":\"CICD Attacks Github Runner\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Researchers Demo New CI\\\/CD Attack in PyTorch Supply-Chain that Exploiting GitHub Self-Hosted Action Runner\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/\",\"name\":\"SignMyCode - Blog\",\"description\":\"Code Signing News, Updates\",\"publisher\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#organization\",\"name\":\"SignMyCode.com\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/logo1.png\",\"contentUrl\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/logo1.png\",\"width\":135,\"height\":86,\"caption\":\"SignMyCode.com\"},\"image\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"New CI\/CD Attacks, Exploiting GitHub Self-Hosted Action Runner","description":"Researchers demo new CI\/CD attack techniques in PyTorch supply-chain to Rule Them All \u2013 Poisoning GitHub\u2019s Runner Images!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/signmycode.com\/blog\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner","og_locale":"en_US","og_type":"article","og_title":"Researchers Demo New CI\/CD Attack in PyTorch Supply-Chain that Exploiting GitHub Self-Hosted Action Runner","og_description":"Researchers demo new CI\/CD attack techniques in PyTorch supply-chain to Rule Them All \u2013 Poisoning GitHub\u2019s Runner Images!","og_url":"https:\/\/signmycode.com\/blog\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner","og_site_name":"SignMyCode - Blog","article_published_time":"2024-01-23T05:25:31+00:00","article_modified_time":"2024-01-23T05:25:32+00:00","og_image":[{"width":912,"height":453,"url":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2024\/01\/new-cicd-attacks-exploiting-github-self-hosted-action-runner-jpg.webp","type":"image\/jpeg"}],"author":"Janki Mehta","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Janki Mehta","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/signmycode.com\/blog\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner","url":"https:\/\/signmycode.com\/blog\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner","name":"New CI\/CD Attacks, Exploiting GitHub Self-Hosted Action Runner","isPartOf":{"@id":"https:\/\/signmycode.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/signmycode.com\/blog\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner#primaryimage"},"image":{"@id":"https:\/\/signmycode.com\/blog\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner#primaryimage"},"thumbnailUrl":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2024\/01\/new-cicd-attacks-exploiting-github-self-hosted-action-runner-jpg.webp","datePublished":"2024-01-23T05:25:31+00:00","dateModified":"2024-01-23T05:25:32+00:00","description":"Researchers demo new CI\/CD attack techniques in PyTorch supply-chain to Rule Them All \u2013 Poisoning GitHub\u2019s Runner Images!","breadcrumb":{"@id":"https:\/\/signmycode.com\/blog\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/signmycode.com\/blog\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/signmycode.com\/blog\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner#primaryimage","url":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2024\/01\/new-cicd-attacks-exploiting-github-self-hosted-action-runner-jpg.webp","contentUrl":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2024\/01\/new-cicd-attacks-exploiting-github-self-hosted-action-runner-jpg.webp","width":912,"height":453,"caption":"CICD Attacks Github Runner"},{"@type":"BreadcrumbList","@id":"https:\/\/signmycode.com\/blog\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/signmycode.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Researchers Demo New CI\/CD Attack in PyTorch Supply-Chain that Exploiting GitHub Self-Hosted Action Runner"}]},{"@type":"WebSite","@id":"https:\/\/signmycode.com\/blog\/#website","url":"https:\/\/signmycode.com\/blog\/","name":"SignMyCode - Blog","description":"Code Signing News, Updates","publisher":{"@id":"https:\/\/signmycode.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/signmycode.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/signmycode.com\/blog\/#organization","name":"SignMyCode.com","url":"https:\/\/signmycode.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/signmycode.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2021\/10\/logo1.png","contentUrl":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2021\/10\/logo1.png","width":135,"height":86,"caption":"SignMyCode.com"},"image":{"@id":"https:\/\/signmycode.com\/blog\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/posts\/3674","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/comments?post=3674"}],"version-history":[{"count":2,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/posts\/3674\/revisions"}],"predecessor-version":[{"id":3683,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/posts\/3674\/revisions\/3683"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/media\/3682"}],"wp:attachment":[{"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/media?parent=3674"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/categories?post=3674"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/tags?post=3674"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}