Bug Tales: deserialization meets squatting
Background The issue I’m about to describe was reported as part of public bug bounty program. It was reported, bounty was granted1, and issue is now fixed. However, vendor disagreed to disclose the issue, therefor I will not name vendor or product.
Continue Reading