Trying to get in touch regarding a security issue

Open JamieSlome opened this issue 3 years ago • 4 comments

Hello 👋

I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@liyansong2018) has found a potential issue, which I would be eager to share with you.

Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.

Looking forward to hearing from you 👍

(cc @huntr-helper)

JamieSlome avatar Jul 02 '22 14:07 JamieSlome

will do later today, thanks.

aquynh avatar Jul 02 '22 23:07 aquynh

@aquynh - thanks for your diligence 👍

Just for reference, you can find the report directly here: https://huntr.dev/bounties/3ea59112-5d51-440a-a04d-c9c7c89f748b/

It is private and only accessible to maintainers with repository write permissions :)

JamieSlome avatar Jul 03 '22 08:07 JamieSlome

~~Hello, I don't have access to the report. Any idea?~~

Log out & log in helps. No problem.

wtdcode avatar Jul 03 '22 11:07 wtdcode

We already added SECURITY.md.

thanks.

aquynh avatar Jul 03 '22 14:07 aquynh

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 15 days.

github-actions[bot] avatar Sep 02 '22 05:09 github-actions[bot]