“This allowed us to completely bypass the application’s tenant isolation and access data from any tenant in the system”
Official announcement from AWS: https://aws.amazon.com/blogs/security/removing-header-remapping-from-amazon-api-gateway-and-notes-about-our-work-with-security-researchers/
You must log in or # to comment.