Reporting a vulnerability
igibek opened this issue · 3 comments
igibek commented
Hello!
I hope you are doing well!
We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security research to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.
Can you enable it, so that we can report it?
Thanks in advance!
PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository
knocte commented
Hello Igibek, I just enabled the feature.
…On Mon, 10 Apr 2023 at 20:38, Igibek Koishybayev ***@***.***> wrote:
Hello!
I hope you are doing well!
We are a security research team. Our tool automatically detected a
vulnerability in this repository. We want to disclose it responsibly.
GitHub has a feature called *Private vulnerability reporting*, which
enables security research to privately disclose a vulnerability.
Unfortunately, it is not enabled for this repository.
Can you enable it, so that we can report it?
Thanks in advance!
PS: you can read about how to enable private vulnerability reporting here:
https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository
—
Reply to this email directly, view it on GitHub
<#210>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AACQ4JYRUJULOSFUY5Y2LMDXAP5LLANCNFSM6AAAAAAWY57FO4>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>