top | item 46712298

(no title)

czk | 1 month ago

it sounds like the data can be involuntarily disclosed to an external third party (the attacker’s domain) purely because someone reviewed logs that auto-load remote images

their log viewer renders the markdown and their browser will make a request containing the sensitive data to the attackers domain where it can be logged and viewed

discuss

No comments yet.