Deep technical details of how we combined HTTP request tunneling and path traversal vulnerabilities to permit unauthorized RCE in Qlik Sense.
Because we take security, privacy, and transparency very seriously, we are sharing the details of a recent incident.