Hacker News

> 9:21 PM on July 16, 2020 we received a very detailed report from Masato outlining this exploit.

> 9:34 PM: Ticket acknowledged - and we began a deploy that would disable sketchfab embeds within the app, to remediate this known attack vector.

Did you have time to verify the claims in the bug report in this short window?



It wouldn't take long to confirm that XSS vulnerability, which, by itself, would warrant disabling embeds from that domain.



