@kkarhan please just wait for the full disclosure on the 25th; I know you're trying to be helpful but you're misunderstanding the type of vulnerability.
Top-level
@kkarhan please just wait for the full disclosure on the 25th; I know you're trying to be helpful but you're misunderstanding the type of vulnerability. 2 comments
@kkarhan there's already a CVE and a security advisory on github. For now it's not necessary as far as I know for CERT to be involved |
@thisismissem okay...
I do accept amd understand #ResponsibleDisclosure and why people should first fix it...
Needless to say said CERTs should be made aware as their publications & feeds are also being read by Hosters who may also have the ability to scan their customers' systems and notify them as well or if necessary forcibly shut down vulnerable instances before they get hacked...