Last year, I had a few weeks between jobs and decided to look at the infrastructure security of random Linux distributions with the good friends at Fenrisk.

We ended up getting code execution on the Fedora Git forge hosting all package sources and on the Open Build Service instance of openSUSE […]

I'm very happy to finally share the second part of my DOMPurify security research 🔥

This article mostly focuses on DOMPurify misconfigurations, especially hooks, that downgrade the sanitizer's protection (even in the latest version)!

Link 👇
mizu.re/post/explori...

1/2