LinkedIn: Entire database of emails exposed through URN injection
The entire database of LinkedIn emails was exposed due to a vulnerability in the decoration feature of the Voyager API. An attacker could assign a URN value to a text field inside a profile and trigger a URN resolution to retrieve the email. The query engine did not check whether a field should ...