User Information sent to client through websockets
Unknown
Vulnerability Details
I noticed when monitoring the websocket requests that the account information of user, including user_id is sent to the client.
__{"t":"d","d":{"r":8,"a":"p","b":{"p":"/carts/3671079_xjdJHqx88J435eDW5zxN/users/-KRbGN8R6uIjy6_OPx_j","d":{"id":25390626,"name":"Username}}}}__
Actions
View on HackerOneReport Stats
- Report ID: 168223
- State: Closed
- Substate: informative
- Upvotes: 1