
Reporting a vulnerability

Open igibek opened this issue 1 year ago • 1 comments

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security researchers to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

igibek avatar Apr 10 '23 11:04 igibek

I also want to privately report a vulnerability. Unfortunately, I did not find where.

Harital avatar May 19 '23 11:05 Harital

Silence is the new answer, thx @appleboy and all the other maintainers

jnelle avatar May 20 '23 09:05 jnelle

v1.9.1 has been released, please see https://github.com/gin-gonic/gin/releases/tag/v1.9.1, thanks!

thinkerou avatar Jun 01 '23 02:06 thinkerou

@thinkerou Probably a separate issue from the CVE-2023-29401 issue. Could you reopen this issue?

motoyasu-saburi avatar Jun 03 '23 16:06 motoyasu-saburi

@appleboy and I do not have the permission; we need @javierprovecho, thanks!

thinkerou avatar Jun 06 '23 02:06 thinkerou

I'm afraid CWE-78 is also present in v1.9.1. Do you want to open a separate issue or attach it to this one?

Harital avatar Jun 12 '23 15:06 Harital