|
|
|
|
|
|
by czk
152 days ago
|
|
|
it sounds like the data can be involuntarily disclosed to an external third party (the attacker’s domain) purely because someone reviewed logs that auto-load remote images their log viewer renders the markdown and their browser will make a request containing the sensitive data to the attackers domain where it can be logged and viewed |
|
|