joernchen 
.
@joern,
Earlier this year I found a pretty cool vuln, an arbitrary file write in GitLab.
Here’s the details https://gitlab-com.gitlab.io/gl-security/security-tech-notes/security-research-tech-notes/devfile/
joernchen
.
@joern,
rkervell
.
@rkervell, @infosec.town
@joern filepath.Clean() making a new victim