An attacker could craft a MessagePack payload where exec_hook contains a base64-encoded Rust closure. Upon deserialization, the proxy’s garbage collector would misinterpret the closure’s pointer as a valid function, leading to arbitrary code execution in the context of the proxy process (typically root when binding to ports <1024).
The patch randomizes directory structures and script names, making it incredibly difficult for automated firewall scanners to detect that you are running a proxy. Leaking Asset Fixes: alloyproxy15 patched
Then came the night of the blackout.