The privileged daemon that used shell-quote

In 2020, I discovered a root privilege escalation vulnerability in the way Glitch deletes project files. This vulnerability is now fixed.

From a cautionary challenge by RiversideRocks, to a root access discovery, to a critical CVE on an npm package that has more than 10M weekly downloads. This was quite a journey!


This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.