Potential security issue
Closed this issue · 6 comments
Hey there!
I belong to an open source security research community, and a member (@hitisec) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md
file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
Done.
https://github.com/jspark311/BuriedUnderTheNoiseFloor/blob/master/SECURITY.md
I'm curious to hear what you found.
@jspark311 - great!
You should receive e-mails from our system shortly ❤️
@JamieSlome Checking back in on this. I never saw anything cross my inbox. Can you please either resend, or tell me what domain the email came from?
@jspark311 - sorry that you didn't see anything come in. The e-mail would have been from ...@huntr.dev. Also, you can view one of the reports directly here:
https://huntr.dev/bounties/ba6de042-1235-42fe-8379-57b70d9c6c01/
@jspark311 - it also looks like the e-mail in your SECURITY.md
doesn't take the proper format of an e-mail as well.