Episode 80 / 2020.07.06
Matt Stein, Patrick Harrington, Michael Rog, Andrew Welch
#craftcms #seomatic #vulnerability

On this episode, hosted by Matt Stein, we talk to Andrew Welch from nystudio107, Nevin Lyne from Arcus Tech, and Brad Bell from Pixel & Tonic.

The discussion centers around a recent critical Server-Side Template Injection (SSTI) & Remote Code Execution (RCE) exploit in the SEOmatic plugin for Craft CMS.

We discuss a timeline of what transpired, and walk through the discovery process as in-the-wild exploits were found.

We also talk about whether you should be concerned and whether you should update to the patched SEOmatic 3.3.0 or later (spoiler: you should, and you should).

We also go into steps that Pixel & Tonic, plugin developers, and frontend developers producing sites can take to mitigate security vulnerabilities.
