The privileged daemon that used shell-quote

https://wh0.github.io/2021/11/10/glitch-ot-rm.html

In 2020, I discovered a root privilege escalation vulnerability in the way Glitch deletes project files. This vulnerability is now fixed.

From a cautionary challenge by RiversideRocks, to a root access discovery, to a critical CVE on an npm package that has more than 10M weekly downloads. This was quite a journey!

6 Likes