dcRUSTy
**Describe the bug** JavaScript and external resources are allowed in the "HTML version" of email, which might lead to tracking and IP address leakage, and a wide range of other security issues....
#### Expected behaviour Separate IP whitelisting for mountebank and imposters. #### Actual behaviour Mountebank IP whitelisting is also forced on imposters. #### Steps to reproduce start mountebank with ipWhitelist 127.0.0.1...
`new Intl.DateTimeFormat('en', { timeZone: 'Etc/UTC', timeZoneName:'long', year: 'numeric', month: 'numeric', day: 'numeric', hour: 'numeric', minute: 'numeric', }).format(new Date())` throws error "Error: unsupported value "long" for timeZone Etc/UTC. requires locale data...
**Apparently root is required for hardlinks** File block reads can be escaped with hardlinks. PoC  