I’d venture a guess that 100% of people don’t need to worry. Based on the complexity and requirements to execute this attack, I’d almost argue it’s just a bug report framed as a vulnerability.
Maybe it’s possible to exploit this somewhere in the wild, but it requires pulling from a custom registry that the attacker controls and voluntarily authenticating to it, from what I can tell anyway.
I’d venture a guess that 100% of people don’t need to worry. Based on the complexity and requirements to execute this attack, I’d almost argue it’s just a bug report framed as a vulnerability.
Maybe it’s possible to exploit this somewhere in the wild, but it requires pulling from a custom registry that the attacker controls and voluntarily authenticating to it, from what I can tell anyway.