Yet another case where automatically turning attacker data into full-blown objects is a bad idea. In this case, the Sawyer library used by Octokit turns API responses into Ruby objects that are then used to build Redis commands, allowing an attacker to inject arbitrary Redis commands, leading to code execution, with a crafted API response.
The core issue is the use of the `MAP_FIXED` flag with `mmap`. Basically, for every thread it creates, `pthread_allocate_stack` starts by mapping a new `STACK_SIZE` memory segment to a fixed address (calculated relative to `THREAD_STACK_START_ADDRESS` and the number of threads already allocated)...
What happens when you tell a server to treat the `Content-Length` header as a hop-by-hop header and remove it? Request smuggling.
The Autofill Assistant has a chain of issues that could be abused for universal XSS in the context of an arbitrary website.