Feels a little overstated if it requires a malicious lua script. Yes that's bad,... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		bawolff 7 months ago \| parent \| context \| favorite \| on: RediShell: Critical remote code execution vulnerab... Feels a little overstated if it requires a malicious lua script. Yes that's bad, but its not critical the way the article implies. For the average website, your average stored XSS is probably more impactful.

rickette 7 months ago [–]

Exactly, also requires authentication. How can this be 10/10?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact