
Trying to get in touch regarding a security issue

Open zidingz opened this issue 4 years ago • 2 comments

Hey there!

I'd like to report a security issue but cannot find contact instructions on your repository.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

zidingz, Sep 04 '21 04:09

Hey Steve, I recently found a potential ReDoS vulnerability inside html-comment-regex. I made a patch for it and hope you are happy to receive this fix. You can access the vulnerability details at huntr. Please feel free to get in touch if there are any more issues.

yetingli, Sep 14 '21 09:09

Please either send me an email, or send a PR to fix it directly.

@zidingz @huntr-helper @yetingli

stevemao, Oct 01 '24 11:10