Lachlan Davidson

The React2Shell Story

Authored by Lachlan Davidson • May 8, 2026

The story of CVE-2025-55182 (React2Shell)

Mounting GlusterFS with a Docker Container in Flatcar Linux/CoreOS

Authored by Lachlan Davidson • February 2, 2023

When building a Docker Swarm cluster in my homelab using Flatcar Linux, I found myself needing to mount a remote GlusterFS volume.

Configuring Rocky Linux, FreeIPA and Samba for Kerberos Support on Windows Clients

Authored by Lachlan Davidson • November 30, 2021

An adventure in using Rocky Linux, FreeIPA and Samba for identity management, Kerberos auth and more for my homelab.

Bypassing Brute-Force Protections with LOTS of GraphQL

Authored by Lachlan Davidson • December 7, 2020

An exploration of making huge GraphQL requests to bypass brute-force restrictions.

Awesome GraphQL CSRF and SSRF

Authored by Lachlan Davidson • December 7, 2020

Exploiting poor GraphQL validation for epic CSRF and SSRF impacts.

X Marks the Spot - Secrets in Source Maps

Authored by Lachlan Davidson • December 6, 2020

Reverse engineering front-end code and finding secrets in JavaScript source maps.