Test scripts for postgis in the mason repository using unsafe unzip of content from an unclaimed bucket create potential RCE issues
Team Summary
Official summary from Mapbox
On March 25, 2018 @fransrosen reported a vulnerability to Mapbox. An AWS S3 bucket previously owned by Mapbox was reclaimed by this researcher, which is possible due to the global namespacing of S3 buckets. This bucket was still actively referenced in a test script. The bucket takeover therefore posed a possibility for remote code execution via this S3 bucket. Mapbox responded within a day and worked with the researcher to reclaim this bucket, as well as multiple other S3 buckets that had been claimed by the researcher and were still referenced in public GitHub repositories. The incident was fully resolved, including bounty payout, by April 27, 2018 when all affected S3 buckets were reclaimed and code references updated.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Command Injection - Generic