WebSocket RCE in the CurseForge Launcher

Uncategorized
Yanac

Little write-up for a patched WebSocket-based RCE I found in the CurseForge launcher. It involved an unauthenticated local websocket API reachable from the browser, which could be abused to execute arbitrary code. Happy to answer any questions if anyone has any! submitted by /u/elliott-diy [link] [comments]Technical Information Security Content & DiscussionRead More