No Sandbox, No Problem: Exploiting Remote Code Execution in Twenty CRM. CVE-2026-26720

From Learning to Root: How I Found a Remote Code Execution Vulnerability in Twenty CRM

Code reviews and web application security aren’t exactly my wheelhouse. I wanted to change that, so I challenged myself to audit open-source codebases and look for potential security gaps. I chose Twenty, a popular open-source CRM with over 38,000 stars on GitHub. While exploring their serverless module implementation, I came across a file that immediately caught my eye: packages/twenty-server/src/engine/core-modules/serverless/drivers/local....

February 27, 2026