Announcement[Hexcast]

Sky Patches Critical Remote Code Execution Bug

Security researcher xss disclosed a remote code execution (RCE) bug affecting vote.makerdao.com on Sep 25, 2023. The exploit relied on the JavaScript engine that was enabled in gray-matter to execute system commands via Markdown input, which allowed access to sensitive files such as /etc/passwd. Sky fixed the bug by Sep 28, 2023, with a patch that disables eval through the matterWrapper function. The bug paid a $50,000 bounty via Immunefi's program.
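Alongside disabling eval in the parser, a service that accepts Markdown can refuse any front-matter block that names a non-YAML engine before the document is parsed. The following is an added example, not Sky's matterWrapper or gray-matter code; it assumes the engine name is taken from the text after the opening `---` on the first line, and the function names and sample documents are constructed for illustration.

```javascript
// Added example: pre-parse guard for Markdown front matter.
// Assumption: the parser picks its engine from the text that follows the
// opening "---" on the first line, e.g. "---js" or "---javascript".

// Allow-list, not deny-list: anything that is not YAML is refused.
const ALLOWED_ENGINES = new Set(['', 'yaml', 'yml']); // '' = default (YAML)

// Return the engine name declared on the opening fence, or null if the
// document has no front matter at all.
function frontMatterLanguage(source) {
  const text = source.replace(/^\uFEFF/, ''); // drop a leading BOM
  if (!text.startsWith('---')) return null;
  if (text.charAt(3) === '-') return null; // "----" is a rule, not a fence
  const eol = text.search(/\r?\n/);
  const firstLine = eol === -1 ? text : text.slice(0, eol);
  return firstLine.slice(3).trim().toLowerCase();
}

// Classify a document before it reaches the front-matter parser.
function checkFrontMatter(source) {
  const lang = frontMatterLanguage(source);
  if (lang === null) return { ok: true, lang: null };
  return { ok: ALLOWED_ENGINES.has(lang), lang };
}

// Constructed sample inputs (harmless bodies; only the fence line matters).
const samples = {
  yamlDefault: '---\ntitle: Poll 1\n---\nBody',
  yamlExplicit: '--- yaml\ntitle: Poll 2\n---\nBody',
  jsEngine: '---js\n{ title: "Poll 3" }\n---\nBody',
  jsLong: '---JavaScript \r\n{ title: "Poll 4" }\r\n---\r\nBody',
  noFrontMatter: '# Just Markdown\n',
};

for (const [name, doc] of Object.entries(samples)) {
  const { ok, lang } = checkFrontMatter(doc);
  console.log(`${name}: ${ok ? 'accept' : 'reject'} (engine=${JSON.stringify(lang)})`);
}
```

Rejected documents should be logged with their source, since a non-YAML fence in user-submitted Markdown is a useful detection signal in its own right.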
