2024-05-17 20:26:09

SUPERMAX on Nostr: Anyone wanting to dive deeper into #LNBits extension issues, here you go (I too am ...

Anyone wanting to dive deeper into #LNBits extension issues, here you go (I too am diving deeper)
LNbits has no interest in fixing vulnerabilities. They have postponed fixes for all reports I have made before (an SQLi vulnerability for a few months, and a few weeks for improper access control on SatsDice that was most likely why Super Testnet's wallet got drained) and have called me a "FUDer" for posting a link to the vulnerability report (only visible to logged-in collaborators) in the chat to inform developers that I filed a report.

I have no other choice. The validation of this vulnerability was done with the permission of the operators of said instances.

Author Public Key
npub14cgq353exzmhdsvqjtmw4dq7fvyleuls8umyrvd5umhr4gtx6asq7hqjhl