openflagr/flagr

[Security] Vulnerability found

nbeguier opened this issue · 4 comments

I've found a "critical vulnerability" (in my opinion) in Flagr 1.1.12. Who can I contact?

Your Environment

  • Version used (flagr version): 1.1.12
  • Server type and version: any
  • Operating System and version (uname -a): any

@ivanRylach @sesquipedalian-dev

I'm also available at https://keybase.io/zhuojie for encrypted messages

It's been 90 days since my report and you successfully fixed the issue. You may want to release v1.1.13 because I'll probably disclose the PoC in the following weeks, as agreed.
@zhouzhuojie

Hey @nbeguier, thanks for reporting again. I don't have the write permission to this repo anymore, @marceloboeira and I are thinking of maintaining a new community version of flagr with strict API backward compatibility of course, see the new release cut there.

https://github.com/openflagr/flagr/releases/tag/1.1.13