Trying to get in touch regarding a security issue
JamieSlome opened this issue · 4 comments
Hi there,
I couldn't find a SECURITY.md
in your repository and am not sure how to best contact you privately to disclose a security issue.
Can you add a SECURITY.md
file with an e-mail to your repository, so that our system can send you the vulnerability details? GitHub suggests that a security policy is the best way to make sure security issues are responsibly disclosed.
Once you've done that, you should receive an e-mail within the next hour with more info.
Thanks! (cc @huntr-helper)
Hey @JamieSlome, thanks for the heads up! I'll check with Brave's security team about what I should use here as a SECURITY.md
, but in the meantime you should be able to refer to the one from the brave-browser
repo.
I've just added SECURITY.md
to the repository.
@JamieSlome any updates on the security issue?
@antonok-edm - you can view the advisory here.
It was marked as invalid as our program does not accept non-code level vulnerabilities, but feel free to use the page for your reference.