sahat/hackathon-starter

Found a possible security concern

JamieSlome opened this issue · 6 comments

Hey there!

I belong to an open source security research community, and a member (@flame-n) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

@sahat - just for reference that the report can be found here:
https://www.huntr.dev/bounties/95d8d9be-b7fa-4b86-b932-8e21bee7944e/

It is private and only accessible to you 👍

@sahat Hello, we haven't heard from you about this issue. Can you please check it out?

@JamieSlome

I am one of the maintainers. Can you please add me to the access group to review the report?

Thank you

@YasharF on it :)

Hey @YasharF, if you could please register on the platform, let us know when you're on there and we will have you added :)

Added SECURITY.MD.

Going to close this issue and mark any requests to register with 3rd party websites as spam, as prior reports that I received were false positives due to lack of understanding of the reporters on what this project is and what it is supposed to do. File a GitHub issue with the related information if you have any concerns.

Thank you