We.Love.Privacy.Club slashdot@feeds.twtxt.net "Curl Warns GitHub About 'Malicious Unicode' Security Issue A Curl contributor replaced an ASCII letter with a Unicode alternative in a pull requ ..."

feeds.twtxt.net

Curl Warns GitHub About ‘Malicious Unicode’ Security Issue
A Curl contributor replaced an ASCII letter with a Unicode alternative in a pull request, writes Curl lead developer/founder Daniel Stenberg. And not a single human reviewer on the team (or any of their CI jobs) noticed.

The change “looked identical to the ASCII version, so it was not possible to visually spot this…”

The impact of changing one or mor … ⌘ Read more

⤋ Read More