Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/LukaszOlejnik/statuses/114454277500230445">Lukasz Olejnik (lukaszolejnik@mastodon.social)'s status on Monday, 05-May-2025 18:56:07 JST</a><a href="https://mastodon.social/@LukaszOlejnik" title="lukaszolejnik@mastodon.social"><img src="https://gnusocial.jp/avatar/18834-48-20221107075922.webp" width="48" height="48" alt="Lukasz Olejnik" style="position: absolute; left: 0; top: 0;">Lukasz Olejnik</a></section><article><p>AI vulnerability/bug founds and reports is a huge problem. Curl has banned the use of AI-generated submissions via HackerOne because none of it made any sense, and is a waste of resources and time. "We are effectively being DDoSed. If we could, we would charge them for this waste of our time" <a href="https://hackerone.com/reports/3125832" rel="nofollow">https://hackerone.com/reports/3125832</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5006454#notice-9812604">In conversation</a><time datetime="2025-05-05T18:56:07+09:00" title="Monday, 05-May-2025 18:56:07 JST">about 2 months ago</time> <span>from <span><a href="https://mastodon.social/@LukaszOlejnik/114454277500230445" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@LukaszOlejnik/114454277500230445">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/4578167">Untitled attachment</a></label><br><a href="https://files.mastodon.social/media_attachments/files/114/454/277/293/207/426/original/d4f09be134e938bc.png" rel="external">https://files.mastodon.social/media_attachments/files/114/454/277/293/207/426/original/d4f09be134e938bc.png</a></li><li><article><header><div>Domain not in remote thumbnail source whitelist: profile-photos.hackerone-user-content.com</div><h5><a href="https://hackerone.com/reports/3125832">curl disclosed on HackerOne: HTTP/3 Stream Dependency Cycle Exploit</a></h5><div></div></header><div>**Penetration Testing Report: HTTP/3 Stream Dependency Cycle Exploit**---# **0x00 Overview**A novel exploit leveraging stream dependency cycles in the HTTP/3 protocol stack was discovered, resulting in memory corruption and potential denial-of-service or remote code execution scenarios when used against HTTP/3-capable clients such as `curl` (tested on version 8.13.0). This report details...</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Lukasz Olejnik (lukaszolejnik@mastodon.social)'s status on Monday, 05-May-2025 18:56:07 JST Lukasz Olejnik
AI vulnerability/bug founds and reports is a huge problem. Curl has banned the use of AI-generated submissions via HackerOne because none of it made any sense, and is a waste of resources and time. "We are effectively being DDoSed. If we could, we would charge them for this waste of our time" https://hackerone.com/reports/3125832
In conversationabout 2 months ago from mastodon.socialpermalink
Attachments
1. Untitled attachment
  https://files.mastodon.social/media_attachments/files/114/454/277/293/207/426/original/d4f09be134e938bc.png
2. Domain not in remote thumbnail source whitelist: profile-photos.hackerone-user-content.com
  curl disclosed on HackerOne: HTTP/3 Stream Dependency Cycle Exploit
  **Penetration Testing Report: HTTP/3 Stream Dependency Cycle Exploit** --- # **0x00 Overview** A novel exploit leveraging stream dependency cycles in the HTTP/3 protocol stack was discovered, resulting in memory corruption and potential denial-of-service or remote code execution scenarios when used against HTTP/3-capable clients such as `curl` (tested on version 8.13.0). This report details...

Public

Embed Notice

HTML Code

Corresponding Notice