Remote Code Execution in Logseq (just another XSS to RCE in an Electron app)
Working at Pitch, I had the opportunity to read, review, and code in Clojure and ClojureScript. Clojure is a niche programming language, a Lisp hosted on the JVM, and it has a small, but “senior”, community. ClojureScript is a variant of Clojure that compiles to JavaScript (instead of targeting the JVM), so it is a sort of Clojure for the JavaScript ecosystem, with (almost) the same paradigms and structures. From a security engineer’s perspective, this programming language is challenging for at least two non-technical reasons: ...