## Summary
I discovered a critical stack-based buffer overflow vulnerability in cURL's cookie parsing mechanism that can lead to remote code execution. The vulnerability occurs when processing maliciously crafted HTTP cookies, affecting all applications that use libcurl for HTTP requests.
## Description
During security research on cURL's cookie handling implementation, I identified a stack...
I’m aware he was banned; the dev himself said it at the end. However, I think it’s important enough to stress it, because people often give a free pass based on intentions, when IMO they shouldn’t.

> What else are you recommending?

Context: I’m a translator, and I used to be part of a few co-operative projects. (This was before ChatGPT.) A lot of what I’m saying is transposed from my experience into development.
Check his tone. Neither rude, nor overly polite. That was perfect.
If you suck at communication, let someone else do it for you. Focus on the work instead.
Look for red flags of a sloppy job; if you find those, refuse the contrib, even if it would be otherwise good. It’s a good way to trial entitled people out, so they don’t harm your project. (Good contributors will be quick to fix the issue.)
If you see yourself spending more time fixing the others’ shit than doing your job, raise your standards on what you’ll accept or not.