Pinterest Fixes Validation Vulnerability in API

July 1, 2015


Pinterest recently fixed an issue in the API of its web app that could have allowed remote attackers to compromise emails and carry out session hijacking and phishing attacks.
Vulnerability Lab researcher Benjamin Kunz Mejri discovered the issue, which is a persistent mail encoding and validation web vulnerability shortly after the start of the year. While developers with Pinterest were actually speedy in fixing the issue – they issued a patch in February, two weeks after Mejri notified them of the bug – the vulnerability wasn’t disclosed until Monday.

Read More