bpt3 4 hours ago
What about this is a vulnerability, let alone one that requires responsible disclosure? Untrusted data sources can provide data that causes bad things to occur. If that's a vulnerability, then any application that ingests data is riddled with vulnerabilities. I agree that the behavior should change from a default of allowing external network requests to denying them, but this "report" reads like overly dramatic marketing BS.
Terr_ 3 hours ago
> Untrusted data sources can provide data that causes bad things to occur. If that's a vulnerability, then any application that ingests data is riddled with vulnerabilities.

There's an important difference between "the import had bad numbers so the report is wrong" versus "the import had a virus and now our network is compromised." They are not the same kind of failure, they don't have the same impacts, and they don't involve the same mechanisms for prevention, detection, or remediation.
anonymars 3 hours ago
Yes, stamping out file format vulnerabilities is indeed a Sisyphean task. For example: https://en.wikipedia.org/wiki/Melissa_(computer_virus)