{"id":6221,"date":"2022-04-19T03:12:49","date_gmt":"2022-04-19T01:12:49","guid":{"rendered":"https:\/\/www.almtoolbox.com\/blog\/?p=6221"},"modified":"2022-04-19T18:19:23","modified_gmt":"2022-04-19T16:19:23","slug":"github-repo-vulnerability-tokens","status":"publish","type":"post","link":"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/","title":{"rendered":"Vulnerabilities in 3rd-party Apps Have Caused Code Theft from GitHub"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-6222\" src=\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2022\/04\/github-red-brickwall.jpg\" alt=\"github vulnerabilities tokens\" width=\"700\" height=\"393\" srcset=\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2022\/04\/github-red-brickwall.jpg 700w, https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2022\/04\/github-red-brickwall-300x168.jpg 300w, https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2022\/04\/github-red-brickwall-150x84.jpg 150w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">GitHub reported that a hacker was apparently exploiting a security vulnerability or<br \/>\nhuman error on 3rd-party apps Travis and Heroku.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The security vulnerability exposed the tokens,<br \/>\nallowing the hacker to steal the tokens and utilize them to enter private repositories on GitHub (including NPM)<br \/>\nso he managed to download those repositories &#8211; including all the code and information in them.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">That means: Vulnerabilities in 3rd-party apps have caused code theft from GitHub<\/span><\/p>\n<h2>How could you prevent a similar hack to your git repo?<\/h2>\n<p><span style=\"font-weight: 400;\">There are several different solutions &#8211; and you should implement them all:<\/span><\/p>\n<h3>1) Reduce permissions<\/h3>\n<p><span style=\"font-weight: 400;\">If you use GitHub in the public cloud (github.com)and give 3rd-party vendors an Oauth access (the kind of tokens stolen) &#8211;<br \/>\n<\/span><span style=\"font-weight: 400;\">minimize the permissions you give third parties to access your information.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You should also go over the permissions they are requesting, and make sure that they are not too broad and permissive.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A common mistake is to give sweeping or overarching permissions.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The same is true when granting permissions to GitHub Apps (which generate tokens as well).<\/span><\/p>\n<h3>2) Add protective layers<\/h3>\n<p><span style=\"font-weight: 400;\">You should also consider moving to GitHub \/ GitLab Enterprise on a private server<br \/>\n<\/span><span style=\"font-weight: 400;\">(on-premises \/ single tenant \/ self-managed) behind additional layers of protection such as firewall, SSO or <a href=\"https:\/\/www.almtoolbox.com\/akeyless-remote-access\" target=\"_blank\" rel=\"noopener\">Secure Remote Access<\/a>,<\/span><\/p>\n<p><span style=\"font-weight: 400;\">or use authorized IP addresses only (in public cloud editions), w<\/span><span style=\"font-weight: 400;\">hich provide additional layers of protection against unauthorized users from around the world.<\/span><\/p>\n<h3>3) Protect Secrets<\/h3>\n<p><span style=\"font-weight: 400;\">Beyond that &#8211; it is important that the 3rd-party vendor stores the tokens in a centralized Vault tool &#8211; Which would have made it very difficult for hackers to obtain the tokens (making it almost always unattainable).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you use such third parties &#8211; check or ensure (as part of your supply chain) that they store it in Vault tools such as the Akeyless Vault (SaaS and a hybrid solution) or HashiCorp for closed networks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The same is true for any app that gives third-party access permissions using tokens.<\/span><\/p>\n<div class=\"\" style=\"border: 1px solid #eacd85; background: #ffeec5; padding: 1.1em 1.2em; border-radius: 4px;\">\n<p><i><span style=\"font-weight: 400;\">ALM-Toolbox provides ALM and DevSecOps solutions and can help you protect your repositories and your software \/cloud environments.<br \/>\n<\/span><\/i><i><span style=\"font-weight: 400;\">Contact us: <\/span><\/i><a href=\"mailto:devsecops@almtoolbox.com\" target=\"_blank\" rel=\"noopener\"><i><span style=\"font-weight: 400;\">devsecops@almtoolbox.com<\/span><\/i><\/a><i><span style=\"font-weight: 400;\"> or +31 85 064 4633 (international) or 866-503-1471 (USA\/Canada)<\/span><\/i><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>GitHub reported that a hacker was apparently exploiting a security vulnerability or human error on 3rd-party apps Travis and Heroku. The security vulnerability exposed the tokens, allowing the hacker to steal the tokens and utilize them to enter private repositories on GitHub (including NPM) so he managed to download those repositories &#8211; including all the [&hellip;]<\/p>\n","protected":false},"author":10,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[184,151,156],"tags":[],"class_list":["post-6221","post","type-post","status-publish","format-standard","hentry","category-devsecops","category-github","category-github-enterprise"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Vulnerabilities in 3rd-party Apps Have Caused Code Theft from GitHub - ALMtoolbox News<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilities in 3rd-party Apps Have Caused Code Theft from GitHub - ALMtoolbox News\" \/>\n<meta property=\"og:description\" content=\"GitHub reported that a hacker was apparently exploiting a security vulnerability or human error on 3rd-party apps Travis and Heroku. The security vulnerability exposed the tokens, allowing the hacker to steal the tokens and utilize them to enter private repositories on GitHub (including NPM) so he managed to download those repositories &#8211; including all the [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/\" \/>\n<meta property=\"og:site_name\" content=\"ALMtoolbox News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/almtoolbox.israel\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-19T01:12:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-04-19T16:19:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2022\/04\/github-red-brickwall.jpg\" \/>\n<meta name=\"author\" content=\"Tamir Gefen\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Dikla\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tamir Gefen\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/\"},\"author\":{\"name\":\"Tamir Gefen\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/409e35aa3486f92208065230bb6ebb63\"},\"headline\":\"Vulnerabilities in 3rd-party Apps Have Caused Code Theft from GitHub\",\"datePublished\":\"2022-04-19T01:12:49+00:00\",\"dateModified\":\"2022-04-19T16:19:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/\"},\"wordCount\":365,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2022\/04\/github-red-brickwall.jpg\",\"articleSection\":[\"DevSecOps\",\"GitHub\",\"GitHub Enterprise\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/\",\"name\":\"Vulnerabilities in 3rd-party Apps Have Caused Code Theft from GitHub - ALMtoolbox News\",\"isPartOf\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2022\/04\/github-red-brickwall.jpg\",\"datePublished\":\"2022-04-19T01:12:49+00:00\",\"dateModified\":\"2022-04-19T16:19:23+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/#primaryimage\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2022\/04\/github-red-brickwall.jpg\",\"contentUrl\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2022\/04\/github-red-brickwall.jpg\",\"width\":700,\"height\":393,\"caption\":\"github vulnerabilities tokens\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.almtoolbox.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilities in 3rd-party Apps Have Caused Code Theft from GitHub\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#website\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/\",\"name\":\"ALMtoolbox News\",\"description\":\"All the news of ALMtoolbox\",\"publisher\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.almtoolbox.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#organization\",\"name\":\"ALMtoolbox\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2015\/10\/logo.png\",\"contentUrl\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2015\/10\/logo.png\",\"width\":410,\"height\":190,\"caption\":\"ALMtoolbox\"},\"image\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/almtoolbox.israel\/\",\"https:\/\/www.linkedin.com\/company\/almtoolbox\/\",\"https:\/\/www.youtube.com\/user\/GoMidjets\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/409e35aa3486f92208065230bb6ebb63\",\"name\":\"Tamir Gefen\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3d4df00aa386b2805c42441dfebcedd46abf25846febb352f00c11524d994c4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3d4df00aa386b2805c42441dfebcedd46abf25846febb352f00c11524d994c4?s=96&d=mm&r=g\",\"caption\":\"Tamir Gefen\"},\"sameAs\":[\"https:\/\/x.com\/Dikla\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerabilities in 3rd-party Apps Have Caused Code Theft from GitHub - ALMtoolbox News","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilities in 3rd-party Apps Have Caused Code Theft from GitHub - ALMtoolbox News","og_description":"GitHub reported that a hacker was apparently exploiting a security vulnerability or human error on 3rd-party apps Travis and Heroku. The security vulnerability exposed the tokens, allowing the hacker to steal the tokens and utilize them to enter private repositories on GitHub (including NPM) so he managed to download those repositories &#8211; including all the [&hellip;]","og_url":"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/","og_site_name":"ALMtoolbox News","article_publisher":"https:\/\/www.facebook.com\/almtoolbox.israel\/","article_published_time":"2022-04-19T01:12:49+00:00","article_modified_time":"2022-04-19T16:19:23+00:00","og_image":[{"url":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2022\/04\/github-red-brickwall.jpg","type":"","width":"","height":""}],"author":"Tamir Gefen","twitter_card":"summary_large_image","twitter_creator":"@Dikla","twitter_misc":{"Written by":"Tamir Gefen","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/#article","isPartOf":{"@id":"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/"},"author":{"name":"Tamir Gefen","@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/409e35aa3486f92208065230bb6ebb63"},"headline":"Vulnerabilities in 3rd-party Apps Have Caused Code Theft from GitHub","datePublished":"2022-04-19T01:12:49+00:00","dateModified":"2022-04-19T16:19:23+00:00","mainEntityOfPage":{"@id":"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/"},"wordCount":365,"commentCount":0,"publisher":{"@id":"https:\/\/www.almtoolbox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/#primaryimage"},"thumbnailUrl":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2022\/04\/github-red-brickwall.jpg","articleSection":["DevSecOps","GitHub","GitHub Enterprise"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/","url":"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/","name":"Vulnerabilities in 3rd-party Apps Have Caused Code Theft from GitHub - ALMtoolbox News","isPartOf":{"@id":"https:\/\/www.almtoolbox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/#primaryimage"},"image":{"@id":"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/#primaryimage"},"thumbnailUrl":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2022\/04\/github-red-brickwall.jpg","datePublished":"2022-04-19T01:12:49+00:00","dateModified":"2022-04-19T16:19:23+00:00","breadcrumb":{"@id":"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/#primaryimage","url":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2022\/04\/github-red-brickwall.jpg","contentUrl":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2022\/04\/github-red-brickwall.jpg","width":700,"height":393,"caption":"github vulnerabilities tokens"},{"@type":"BreadcrumbList","@id":"https:\/\/www.almtoolbox.com\/blog\/github-repo-vulnerability-tokens\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.almtoolbox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilities in 3rd-party Apps Have Caused Code Theft from GitHub"}]},{"@type":"WebSite","@id":"https:\/\/www.almtoolbox.com\/blog\/#website","url":"https:\/\/www.almtoolbox.com\/blog\/","name":"ALMtoolbox News","description":"All the news of ALMtoolbox","publisher":{"@id":"https:\/\/www.almtoolbox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.almtoolbox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.almtoolbox.com\/blog\/#organization","name":"ALMtoolbox","url":"https:\/\/www.almtoolbox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2015\/10\/logo.png","contentUrl":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2015\/10\/logo.png","width":410,"height":190,"caption":"ALMtoolbox"},"image":{"@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/almtoolbox.israel\/","https:\/\/www.linkedin.com\/company\/almtoolbox\/","https:\/\/www.youtube.com\/user\/GoMidjets"]},{"@type":"Person","@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/409e35aa3486f92208065230bb6ebb63","name":"Tamir Gefen","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3d4df00aa386b2805c42441dfebcedd46abf25846febb352f00c11524d994c4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3d4df00aa386b2805c42441dfebcedd46abf25846febb352f00c11524d994c4?s=96&d=mm&r=g","caption":"Tamir Gefen"},"sameAs":["https:\/\/x.com\/Dikla"]}]}},"_links":{"self":[{"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/posts\/6221","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/comments?post=6221"}],"version-history":[{"count":7,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/posts\/6221\/revisions"}],"predecessor-version":[{"id":6234,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/posts\/6221\/revisions\/6234"}],"wp:attachment":[{"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/media?parent=6221"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/categories?post=6221"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/tags?post=6221"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}