Found a possible security concern
JamieSlome opened this issue · 6 comments
Hey there!
I belong to an open source security research community, and a member (@flame-n) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
@sahat - just for reference that the report can be found here:
https://www.huntr.dev/bounties/95d8d9be-b7fa-4b86-b932-8e21bee7944e/
It is private and only accessible to you 👍
@sahat Hello, we haven't heard from you about this issue. Can you please check it out?
I am one of the maintainers. Can you please add me to the access group to review the report?
Thank you
Hey @YasharF, if you could please register on the platform, let us know when you're on there and we will have you added :)
Added SECURITY.MD.
Going to close this issue and mark any requests to register with 3rd party websites as spam, as prior reports that I received were false positives due to lack of understanding of the reporters on what this project is and what it is supposed to do. File a GitHub issue with the related information if you have any concerns.
Thank you