Jamie Slome
@ninewise - sure, I can send an e-mail :) Just for reference, the report itself can be found directly here: https://huntr.dev/bounties/1e1e0c05-8f97-4794-94ca-a17ebf03f97a/ It is currently private and requires repository write permissions...
@RussH - thanks, we will get all of the reports sent over to you shortly :)
@briancray - is this repository receiving any updates or being passively maintained?
@probonopd - thank you for your response! ⚡ I will get the two reports sent over to your e-mail address 👍 Just for reference, the two reports can be found...
@jackycute - we are currently doing this as many maintainers have asked that reports are kept private, until they can validate the report. I will post the disclosure details here...
# ✍️ Description
The `/exportAllNotes` endpoint does not require any CSRF token validation. This could be used to force download account data and spoof users.
# 🕵️‍♂️ Proof of Concept
1....
The platform also allows the maintainer to get paid for validating and confirming patches against advisories. Plus, we mediate and assign CVEs if needed.
@yolandadadada - thank you for your response 👍 I don't currently have access to Telegram, do you have an organisational e-mail I can use instead? Just for reference, the private...
@yolandadadada - sure, we can provide you with a non-sign in URL which will allow you to view the contents. Otherwise, you can view the contents of the report by...