At least some responsibility lies with the white-hat security researcher who documented the vuln in a findable repo.