The RESTLESS Vulnerability: Non-Browser Based Cross-Domain HTTP Request Attacks

I am the author of the advisory below. As of publication, no CVE number has been issued. This post will be updated when a CVE number is issued. This advisory describes a class of security vulnerabilities which can manifest due to choices made during HTTP API design and implementation. These vulnerabilities may be used to …