LY Corporation: CORS misconfiguration leads to users information disclosure at https://studyroom.line.me

Due to the CORSCross-Origin Resource Sharing misconfiguration in the StudyRoom API server, SOPSame Origin Policy can be bypassed, and the API that retrieves one's profile information was returning more personal information than necessary. Combining the issues allows an attacker to obtain user...