Lark Technologies disclosed a bug submitted by snapsec: https://hackerone.com/reports/1080700 – Bounty: $550 [Source]