by Steltek
2512 days ago
I've been waiting to hear more about this since the abstract was published. What were the timelines involved here? PayPal, Trello, and others were contacted over the course of this investigation. It would be nice to know what their response times were to such a serious vulnerability.

Trello patched it in roughly 10 days. In general I found companies took longer to patch this issue than other similar-severity vulnerabilities, probably because it's conceptually unfamiliar so I frequently had to spend quite a while explaining it, and the patch itself appears to be challenging sometimes too.