Shopify
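[$50,000] #1087489 Github access token exposure
Pick of the day: this guy found an Electron app on GitHub, developed by a Shopify employee, that contained a GitHub access token which could be used to access Shopify's private GitHub repositories, earning him a $50,000 bounty.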
HackerOne
#1234746 Private program disclosure through notifications
#493176 Partial report contents leakage - via HTTP/2 concurrent stream handling
Uber
#1257100 CVE-2020-3452 - unauthenticated file read on anyconnect.routematch.com
[That single GraphQL issue that you keep missing · Doyensec's Blog](https://blog.doyensec.com/2021/05/20/graphql-csrf.html)
[Size Matters — CVE-2021–0485 (High) | by +Ch0pin | Aug, 2021 | Medium](https://valsamaras.medium.com/size-matters-cve-2021-0485-cfa0a291f903)
https://github.com/ticarpi/jwt_tool