Sky Remote Code Execution Bugfix Review

On 25 September 2023, a security researcher named xss submitted a critical vulnerability to Sky (formerly known as MakerDAO) through Immunefi. The white hat was able to execute malicious code on vote.makerdao.com to extract sensitive content from the filesystem, such as /etc/passwd. The vulnerability was fixed on Sep 28, 2023. The report was validated and confirmed by the Sky team […]