Trying to get in touch regarding a security issue

Question

Trying to get in touch regarding a security issue

JamieSlome opened this issue 3 years ago · 4 comments

Hey there!

I belong to an open source security research community, and a member (@hitisec) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

Answer 1 · 2022-02-19T19:48:57.000Z

Thanks for the report, I added a security policy.

Answer 2 · 2022-02-20T09:07:35.000Z

Thanks, @Rudloff - you should receive an e-mail shortly with a link that will allow you to access the report without having to sign up.

Otherwise, you can view the report directly here:
https://huntr.dev/bounties/4fb39400-e08b-47af-8c1f-5093c9a51203/

Answer 3 · 2022-02-20T13:47:53.000Z

I tagged a new release that fixes the vulnerability and published a security advisory : GHSA-jmhf-9fj8-88gh
This is my first time interacting with https://huntr.dev/ and I found the process very smooth, thanks!

Answer 4 · 2022-02-20T14:44:16.000Z

Glad to hear it! 🤝