Valid URLs can use a wide range of protocols, so user-supplied URLs need strict validation combined with correct checks. Checks that are too lax or simply wrong can quickly lead to vulnerabilities.
Written by Daniel Ruf.
npm, pnpm and yarn were vulnerable to binary planting and arbitrary file (over)write through the bin field in package.json.
This is a post-mortem report of a hacked WordPress instance with a cryptominer in 2018, which was handled by me.
This is a post-mortem report of a contact form spam attack in 2018, which was handled by me.