U.S. Dept Of Defense disclosed a bug submitted by cdl: https://hackerone.com/reports/715949 – Bounty: $5000 [Source]