It’s being actively exploited in the wild as we speak.

Private disclosure is only useful and necessary when vulnerabilities are not being actively exploited or if they are exceptionally technically difficult requiring very specific conditions and you are disclosing specifically those conditions which might enable additional exploitation before a fix.

However, this is a technically simple exploit, disclosing it exists will not enable more attackers.

It is responsible in situations where something is being actively exploited, it is a simple exploit, etc to discuss, inform, and yes let others who may want to patch themselves have the knowledge needed to patch when devs are asleep or otherwise unable to act expediently.

I posted it this way because it was already public, even detailing how the vulnerability worked on github, and because I thought of informing as many as possible. I should’ve explicitly stated this, but I hoped this would encourage logging off (we seriously need a log off emoji) and possibly changing your password later to remedy this.