vis icon indicating copy to clipboard operation
vis copied to clipboard
verified publisher icon martanne

Potential security issue

Open JamieSlome opened this issue 3 years ago • 2 comments

Hello 👋

I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@njord0) has found a potential issue, which I would be eager to share with you.

Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.

Looking forward to hearing from you 👍

(cc @huntr-helper)

JamieSlome avatar Aug 22 '22 22:08 JamieSlome

I think a security file is perhaps a bit much. Are you OK with contacting me on IRC? I'm the registered user called ninewise on the channel announced in the README.

Alternatively you could send an PGP-encrypted e-mail to the key I've used to sign commits here (862AA368).

ninewise avatar Aug 25 '22 22:08 ninewise

@ninewise - sure, I can send an e-mail :)

Just for reference, the report itself can be found directly here:

https://huntr.dev/bounties/1e1e0c05-8f97-4794-94ca-a17ebf03f97a/

It is currently private and requires repository write permissions to view the contents 👍

JamieSlome avatar Aug 28 '22 07:08 JamieSlome

@ninewise, I guess this particular ticket can be closed, cannot it? If anything, it would be resolved outside of it.

mcepl avatar Nov 10 '22 11:11 mcepl