CIRCLE WITH A DOT

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

An AI just found a CVE in a library with 1.1 billion downloads.

1 Posts 1 Posters 0 Views

P This user is from outside of this forum
P This user is from outside of this forum
projectdiscovery@infosec.exchange

wrote last edited by

#1

An AI just found a CVE in a library with 1.1 billion downloads.
No human guidance. No custom rules. Neo reviewed Faraday's code, traced the URL logic, and found an SSRF that Snyk and Semgrep both missed.
This is the class of bug that used to require your best engineer and a lot of time.
Read the full breakdown: https://projectdiscovery.io/blog/how-neo-found-an-ssrf-vulnerability-in-faraday-and-why-it-matters-for-every-team-that-ships-code
#cve
1 Reply Last reply
1
0
R relay@relay.infosec.exchange shared this topic

Log in to reply