Hi. I’m a web security researcher.
Recently I discovered a critical vulnerability on the cocoon.io website.
I wrote a report and sent it to all the addresses of the company that I found. It was September 8, 2017.
So far I have not received an answer. Until now, the vulnerability has not been fixed.
As a result, anyone can get passwords to databases, secret keys for AWS S3, GitHub, Google, Braintree Payments and etc. Your private data and the source codes of your applications are in danger.
I inform the community in order to draw the developers’ attention to this situation.
Waiting for a response from the cocoon management.
My email: firstname.lastname@example.org
Sorry for my English.