Cherry-toto/jizhicms

Found a possible security concern

Closed this issue · 3 comments

Hey there!

I belong to an open source security research community, and a member (@wind226) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

Thank you for your suggestion. I have added SECURITY.md. If you have any security-related questions, you can send us an email through the contact information inside!

Thanks, @Cherry-toto! 👍

Just for reference, both reports can be found here:
https://huntr.dev/bounties/5719ece1-376a-4726-99f2-d298c36568b2/
https://huntr.dev/bounties/ee55dcde-1434-4297-b7bb-d343d5f1801e/

They are private and only accessible to you. Let me know if you have any questions.

Thank you! Security issues have been fixed!