A newly-discovered vulnerability in a popular open-source framework could put major companies' data at risk of theft or deletion, according to researchers who revealed the bug.