💸 Earlier this year, Google's Patch Rewards Program rewarded me with a generous $5k bounty for fixing a denial-of-service vector in Go's most popular third-party CORS middleware library: rs/cors. I only had to port the implementation from my own library; a one-hour job. 😉
https://github.com/google/bughunters/blob/main/patch-rewards-program/rewarded-patches/rs/cors/336848281.md