Jonathan Leitschuh

View jlleitschuh on GitHub

United States

Jonathan Leitschuh is a Security Software Engineer and Security Researcher currently working for the JVM build tool company Gradle Inc. Jonathan is best known for the July 2019 Zoom Video Conferencing 0-Day Vulnerability. He also championed an industry-wide initiative to formally decommission the support of HTTP in favor of HTTPS only support by major artifact servers in the JVM ecosystem. He has a degree in Robotics and Computer Science from Worcester Polytechnic Institute. He enjoys finding security vulnerabilities in OSS in his free time as well as contributing to the GitHub Security Lab Bug Bounty Program. He's a strong proponent for security researchers having and enforcing vulnerability disclosure policies.

Speaking (conference/usergroups) / 01-31-2020

Shmoo Con: Zoom 0-Day: How Not to Handle a Vulnerability Report

I spoke at Shmoo Com about the 0-day vulnerability dropped on Zoom.

Jonathan Leitschuh

Community Contributions

CodeQL Roundtable stream w/@JLLeitschuh

Evicting HTTP from the JVM ecosystem supply chain

‘Security Botox’ or ‘amazingly successful’? Inside the battle to patch bug bounties’ biggest vulnerability

Generating 1,596 PRs to fix an ecosystem-wide vulnerability

Shmoo Con: Zoom 0-Day: How Not to Handle a Vulnerability Report

Update: Want to take over the Java ecosystem? All you need is a MITM!

CodeQL: Netty HTTP Response Splitting (CRLF Injection) due to disabled header validation

CodeQL: Maven: Use of insecure protocol to download/upload artifacts

BSides CT: Zoom 0-Day: How not to handle a vulnerability report

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!

Want to take over the Java ecosystem? All you need is a MITM!