baidu/openrasp

Trying to get in touch regarding a security issue

JamieSlome opened this issue · 2 comments

Hi there,

I couldn't find a SECURITY.md in your repository and am not sure how to best contact you privately to disclose a security issue.

Can you add a SECURITY.md file with an e-mail to your repository, so that our system can send you the vulnerability details? GitHub suggests that a security policy is the best way to make sure security issues are responsibly disclosed.

Once you've done that, you should receive an e-mail within the next hour with more info.

Thanks! (cc @huntr-helper)

Created SECURITY.md and updated README.md

I've closed the issue as it is invalid.

  1. The latest plugin is stored here instead of here.
  2. You should run an actual test instead of static analysis.
  3. The host is only resolved if the Application will resolve and request it later, so the SSRF issue is not on our side.