How an Information Disclosure Vulnerability Led to Critical Data Exposure
ID: 40cdcb48-1f8d-5c45-a985-a3b5022f80d4
STIX ID: report--40cdcb48-1f8d-5c45-a985-a3b5022f80d4
Feed Name: HackerOne Blog
This report explains information disclosure vulnerabilities (their causes, business impact, and remediation) and illustrates the risk with a real-world Basecamp example in which an uninitialized memory leak in an outdated librsvg library exposed AWS keys and user cookies. The issue was reproducible via malicious SVGs and remediated by updating the library, restricting SVG handling, or isolating image processing.
