Comment by ajross
13 days ago
> Any vulnerability that can be characterised as "pass contents through parser, full RCE" is a 10/10 vulnerability for me

And I think that's just wildly wrong, sorry. I view something exploited in the wild to compromise real systems as a higher impact than something that isn't, and want to see a "score" value that reflects that (IMHO, critical) distinction. Agree to disagree, as it were.