From theregister.co.uk
An EU-sponsored GDPR advice website run by Proton Technologies had a vulnerability that let anyone clone it and extract a MySQL database username and password.
The vulnerability in question allowed the entire contents of the website’s /.git/ repository to be cloned, as Pen Test Partners explained in a blog post about what it found on advice site GDPR.eu.