17 Jan 2019

Vulnerability Details: Cross-Site Request Forgery (CSRF)/Remote Code Execution (RCE) in Companion Revision Manager

The changelog entry for the latest version of Companion Revision Manager is “Security update”. Looking at the changes made in that version, we saw that protection against cross-site request forgery (CSRF) was added in one location and that user input was now being sanitized. Looking more closely at those changes, we found that there had previously been a remote code execution (RCE) vulnerability that had been exploitable through CSRF.
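The two kinds of fix mentioned above (a CSRF check and input sanitization) correspond to a standard pattern for WordPress admin form handlers. The snippet below is an added illustration of that pattern and is not code from Companion Revision Manager or its author; the action name `crm_example_save`, the option name and the field names are hypothetical, while the WordPress functions (`wp_nonce_field`, `check_admin_referer`, `current_user_can`, `sanitize_text_field`) are the real core API.

```php
<?php
// Added example, not code from Companion Revision Manager or its author.
// Hypothetical WordPress admin-post handler showing the protections the
// changelog describes: a CSRF check (WordPress nonce) and input sanitization,
// plus the capability check that should accompany any state-changing action.

// Hypothetical settings form: emits a nonce field bound to this action.
function crm_example_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="crm_example_save">
        <?php wp_nonce_field( 'crm_example_save', 'crm_example_nonce' ); ?>
        <input type="text" name="crm_example_label" value="">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Handler for the hypothetical action. It is hooked to admin_post_{action}
// (logged-in users only), not admin_post_nopriv_{action}.
function crm_example_handle_save() {
    // Authorization: only users allowed to manage settings may reach this code.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    // CSRF: the nonce proves the request came from a form this site rendered
    // for this user, not from a page on a third-party site the user visited.
    // check_admin_referer() stops execution with a 403 if it is missing or invalid.
    check_admin_referer( 'crm_example_save', 'crm_example_nonce' );

    // Sanitization: never hand raw $_POST values to anything that interprets
    // them (file paths, shell commands, eval, SQL). Restrict to plain text.
    $label = isset( $_POST['crm_example_label'] )
        ? sanitize_text_field( wp_unslash( $_POST['crm_example_label'] ) )
        : '';

    // Validation on top of sanitization: reject values outside the expected shape.
    if ( '' === $label || strlen( $label ) > 100 ) {
        wp_die( 'Invalid label', '', array( 'response' => 400 ) );
    }

    update_option( 'crm_example_label', $label );

    $back = wp_get_referer();
    wp_safe_redirect( add_query_arg( 'updated', '1', $back ? $back : admin_url() ) );
    exit;
}
add_action( 'admin_post_crm_example_save', 'crm_example_handle_save' );
```

The order matters: the capability check limits who can trigger the action at all, the nonce check ensures the logged-in user actually intended the request, and sanitization bounds what the request can carry into the rest of the plugin. Dropping the nonce check is what turns any bug in the handler into one reachable through CSRF, which is the situation the changelog fix addressed.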

