Potential security issue

Question

Potential security issue

Closed this issue 3 years ago · 6 comments

Hey there!

I belong to an open source security research community, and a member (@hitisec) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

Answer 1 · 2021-10-18T08:21:22.000Z

Done.
https://github.com/jspark311/BuriedUnderTheNoiseFloor/blob/master/SECURITY.md

I'm curious to hear what you found.

Answer 2 · 2021-10-18T08:24:47.000Z

@jspark311 - great!

You should receive e-mails from our system shortly ❤️

Answer 3 · 2021-11-13T08:20:43.000Z

@JamieSlome Checking back in on this. I never saw anything cross my inbox. Can you please either resend, or tell me what domain the email came from?

Answer 4 · 2021-11-13T08:25:59.000Z

@jspark311 - sorry that you didn't see anything come in. The e-mail would have been from ...@huntr.dev. Also, you can view one of the reports directly here:

https://huntr.dev/bounties/ba6de042-1235-42fe-8379-57b70d9c6c01/

Answer 5 · 2021-11-13T08:29:35.000Z

@jspark311 - it also looks like the e-mail in your SECURITY.md doesn't take the proper format of an e-mail as well.

Answer 6 · 2022-02-23T07:37:03.000Z

Please see the following issue:

#3