"If a user uses the rclone sync command to migrate data between different Google Cloud Storage buckets, a situation is created where the full contents of any arbitrary URL chosen by the Google Cloud Storage API server will be silently sent to Google."

We're seeing numerous API libraries that subtly trust the security of API endpoints.

"Google has declined to fix the above vulnerability through their security vulnerability reporting program."
