Content
@
https://opensea.io/collection/dev-21
0 reply
0 recast
2 reactions
Paul Berg
@prberg
Are you using Vercel to host your websites? Note that the VERCEL_TOKEN isn’t project-scoped⚠️ If an attacker compromises your CI pipeline for a docs site, and both the docs and the main UI are on Vercel, they can deploy a malicious version of your main UI.
2 replies
2 recasts
12 reactions
woj
@woj.eth
oh wow, didn't expect this
1 reply
0 recast
2 reactions
Paul Berg
@prberg
ikr
0 reply
0 recast
0 reaction
