If one reads the security advisory - the security researcher’s claim is that a particular API endpoint would accept URLs without deduping, so they were able to send 5000 URLs to it - nothing more sophisticated.
If one reads the security advisory - the security researcher’s claim is that a particular API endpoint would accept URLs without deduping, so they were able to send 5000 URLs to it - nothing more sophisticated.