Hi. I'm Mingi Jung

I am a Master's student at the Web Security Lab (WebSec Lab) at UNIST. My research focuses on Web Security and Browser Security, particularly on discovering emerging vulnerability classes and building automated systems to identify novel attack vectors.

Besides, I am an active CTF player and bug bounty hunter with a strong interest in practical offensive security techniques. I enjoy exploring diverse attack scenarios and experimenting with real-world exploitation techniques.

Ulsan National Institute of Science and Technology, Ulsan wjdaslrl4475@unist.ac.kr
GitHub
Mingi Jung

Education

2025.08 – present

M.S. in Computer Science and Engineering

Ulsan National Institute of Science and Technology, @UNIST WebSec Lab

Advisor: Seongil Wi

2021.03 – 2025.08

B.S. in Industrial Security & Police Science & Crime Investigation Software

Dongguk University, Korea

Publications

SandVenture: Escaping JavaScript Sandboxes with Objective-driven Input Generation (to appear)

Mingi Jung, Hyeon Heo, Seongil Wi

In Proceedings of the IEEE European Symposium on Security and Privacy (IEEE EuroS&P), 2026 (Acceptance Rate: 17.83%)

Honors

IBSM Award (Outstanding Graduate Student Award) UNIST  ·  2026.02.04

Security Bugs

CVE

CVE-2026-34514 aio-libs (aiohttp) HTTP header injection via CRLF
CVE-2026-21932 Oracle (Oracle Java SE) Unauthorized data modification via network access
CVE-2026-0877 Mozilla (Firefox Browser) DOM security mitigation bypass
CVE-2025-69235 Naver (Whale Browser) Same-Origin Policy bypass
CVE-2025-69234 Naver (Whale Browser) Iframe sandbox escape
CVE-2025-62585 Naver (Whale Browser) CSP bypass
CVE-2025-62584 Naver (Whale Browser) Same-Origin Policy bypass
CVE-2025-62583 Naver (Whale Browser) Iframe sandbox escape
CVE-2025-53791 Microsoft (Edge Browser) Security feature bypass
CVE-2025-53600 Naver (Whale Browser) Same-Origin Policy bypass
CVE-2025-48980 Brave Software (Brave Browser) SameSite cookie bypass
CVE-2025-32792 Endo (Secure ECMAScript) Lexical scope exposure in SES sandbox
Discovered via Strategy 5 of our IEEE EuroS&P 2026 paper, SandVenture: Escaping JavaScript Sandboxes with Objective-driven Input Generation. Web pages and extensions using ses and the Compartment API to evaluate third-party code in an isolated environment inadvertently expose const, let, and class bindings declared in the top-level scope of a <script> tag to the lexical scope of untrusted third-party code.

Acknowledgement

NBB-2026-0007 Naver Corporation
NBB-2025-0211 Naver Corporation
NBB-2025-0209 Naver Corporation
KV-2025-186 Kakao Corporation
KV-2025-185 Kakao Corporation

Contact

Email wjdaslrl4475@unist.ac.kr
Office Ulsan National Institute of Science and Technology, Ulsan
GitHub github.com/mingijunggrape