alt Hacker NewsIt is baffling to me, as well. You know how you get a remote-code-execution vulnerability? You give a bunch of software permission to fetch code remotely and execute it.
It is baffling to me, as well. You know how you get a remote-code-execution vulnerability? You give a bunch of software permission to fetch code remotely and execute it.
Like… browser? Or anything with script loading capabilities like script engine in games. Executing remote script is almost unavoidable nowadays.
And there isn't really a way to confirm if it is configured in a secure way.
You either trust the developer or not.