Y
Hacker News
new
|
ask
|
show
|
jobs
by
orf
734 days ago
What is the actual vulnerability? The post is super light on details.
1 comments
lostmsu
734 days ago
Sounds like they added token to all requests done by the plugin, so when you opened a pull request and linked an image from 3rd party, the 3rd party would receive your token.
link