3 comments

[ 3.0 ms ] story [ 21.0 ms ] thread
(comment deleted)
Technical details: "The plugin does not authenticate the request, which means that the attacker can insert another memberId (aka the victim) and get a code that represents the victim. With that code, he can use ChatGPT and access the GitHub of the victim."