-
big-list-of-naughty-strings
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
Apple bois - just run your application through the BLNS list and you would have caught this at the 9th entry:
https://github.com/minimaxir/big-list-of-naughty-strings/blo...
> They tend to react with "either you can show us that this is a real danger or we'll ignore it".
This is a bit of a Catch-22 situation, as I get the feeling that proving the danger would often involve doing things that bounty programs specifically forbid, such as "Moving beyond “proof of concept” repro steps"[0]. That may be part of the reason why Microsoft got away with such a stingy response to the RCE vulnerability found in Teams by Oskars Vegeris.[1]
[0] https://www.microsoft.com/en-us/msrc/bounty-online-services?...
[1] https://github.com/oskarsve/ms-teams-rce/blob/main/README.md