Trying to get in touch regarding a security issue
JamieSlome opened this issue · 2 comments
JamieSlome commented
Hi there,
I couldn't find a SECURITY.md
in your repository and am not sure how to best contact you privately to disclose a security issue.
Can you add a SECURITY.md
file with an e-mail to your repository, so that our system can send you the vulnerability details? GitHub suggests that a security policy is the best way to make sure security issues are responsibly disclosed.
Once you've done that, you should receive an e-mail within the next hour with more info.
Thanks! (cc @huntr-helper)
CaledoniaProject commented
Created SECURITY.md and updated README.md
CaledoniaProject commented
I've closed the issue as it is invalid.
- The latest plugin is stored here instead of here.
- You should run actual test instead of static analysis.
- The host is only resolved if the Application will resolve and request it later, so the SSRF issue is not on our side.