A critical vulnerability in business communications app Slack could allow remote code execution (RCE).
The bug in the desktop application was discovered by researcher oskarsv, who reported the flaw through Slack’s HackerOne bug bounty program.
However the billion-dollar company has been slammed for offering what critics have described as a low payment for a high severity bug.
https://portswigger.net/daily-swig/crit ... -execution