I'd still be curious to see any sort of proof-of-concept walkthrough for how an attacker would leverage this to some nefarious end. I don't question whether it needs prompt fixing, but if it's not directly exploitable then we shouldn't burn additional effort on embargoed security advisory processes.