HTTP parameter pollution from outdated Greenhouse.io JS dependency
Medium
S
Slack
Submitted None
Team Summary
Official summary from Slack
Slack's career page was using an outdated Greenhouse JavaScript dependency which resulted in an HTTP parameter pollution vulnerability. This would have allowed the loading of external Greenhouse forms (not owned by Slack). We updated the Javascript and the issue is resolved. Thanks @irvinlim!
Actions:
Reported by
irvinlim
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Resource Injection