DigiNews

Summary

A security researcher reports an HTTP desync vulnerability in Discord's media proxy that could enable an attacker to observe attachments in real time as they are being accessed. The post discusses how crafted requests can influence the proxy's behavior and leak data, and includes code samples that demonstrate the concept while omitting actionable exploit details. The timeline indicates disclosure in 2022 with a bounty, highlighting the real-world security implications for platforms handling global media traffic.