Dec. 29, 2025
Our PDF Generator Security Research Is Out
The article on our research from the first half of this year is finally published: Blind trust: what is hidden behind the process of creating your PDF file?
java.net.URL.equals() performs a DNS lookup and considers two URLs equal if their IP addresses match — even when the domains are completely different. This can bypass whitelist checks and lead to SSRF or DNS rebinding attacks.
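The comparison described above, as an added example (not code from the original research): an allowlist check built on `URL.equals()` next to one that parses with `java.net.URI` and compares strings without any name resolution. The class and method names and the `localhost` allowlist entry are hypothetical, and the demo assumes `localhost` resolves to 127.0.0.1 on the machine running it.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.Locale;
import java.util.Set;

public class AllowlistCheck {
    // Constructed allowlist entry; "localhost" keeps the lookup on the
    // local resolver so the demo runs offline.
    static final String ALLOWED = "http://localhost/";
    static final Set<String> ALLOWED_HOSTS = Set.of("localhost");

    // Weak: URL.equals() resolves both host names and treats the URLs
    // as equal when the resulting IP addresses match.
    static boolean weakIsAllowed(String candidate) throws Exception {
        return new URL(ALLOWED).equals(new URL(candidate));
    }

    // Hardened: URI parsing never touches the network; scheme, host and
    // port are compared as plain strings and numbers.
    static boolean strictIsAllowed(String candidate) {
        try {
            URI u = new URI(candidate).normalize();
            String host = u.getHost();
            if (host == null || u.getUserInfo() != null) {
                return false; // opaque URI, missing host, or embedded credentials
            }
            if (!"http".equalsIgnoreCase(u.getScheme())) {
                return false;
            }
            int port = (u.getPort() == -1) ? 80 : u.getPort();
            return port == 80
                && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
        } catch (URISyntaxException e) {
            return false; // unparsable input is rejected, not guessed at
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed candidates: the allowlisted name and a different
        // host string that points at the same address.
        for (String c : new String[] {"http://localhost/", "http://127.0.0.1/"}) {
            System.out.printf("%-20s weak=%b strict=%b%n",
                c, weakIsAllowed(c), strictIsAllowed(c));
        }
    }
}
```

The string comparison only decides which host names are accepted; it does not control which address that name resolves to when the connection is later made.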
GitHub Security Lab published an article on localhost dangers, CORS and DNS rebinding — and they directly reference and recommend my research on CORS misconfiguration attacks.