HackerOne: Attacker may be able to bounce enough emails which suspend HackerOne's SES service and cause a DoS of HackerOne's email service

This was a DoS based on triggering a lot of bounced emails via SES service which could put our email sending up for review with AWS. The vulnerability was due to unrestricted invitations on sandbox programs which allowed an attacker to generate an infinite number of bounced emails. We had applied...