Shout out to @puckipedia for finding CVE-2022-24307, shout out to the European Commission for sponsoring a bug bounty program that incentivized the discovery, and shout out to @Claire for organizing the patch releases!
@Gargron @puckipedia @Claire Good work! Where can we learn what CVE-2022-24307 is about? Apparently it's not public.
@Gargron Any timeline for CVE release? Kind of curious, but not familiar enough with either JSON-LD or Ruby to infer in what way it is exploitable from the patch.