Motoyasu Saburi
I found a vulnerability in this library and sent a report via Snyk & email, but received no response. Therefore, a patch will probably never be provided. I'm also wondering...
I'm commenting because I have been researching this issue. ---------- Basically, it is better to conform to the RFC or WHATWG. However, the WHATWG recommendation is URL Encode to...
I have written a report on this issue. https://gist.github.com/motoyasu-saburi/1b19ef18e96776fe90ba1b9f910fa714 Also, I have read some RFCs in broad strokes, but the escaping requirement was not clearly stated. ``` https://datatracker.ietf.org/doc/html/rfc2231 https://datatracker.ietf.org/doc/html/rfc2616 https://datatracker.ietf.org/doc/html/rfc5987...
Thank you so much @thinkerou. If possible, I would appreciate it if you could enable the GitHub feature "Private vulnerability reporting". There are people (@igibek) in this Issue who,...
@jerbob92 > Is there a reason we can't use url.QueryEscape here? Just like in the UTF-8 version? Both will solve the security issue. First, the requirement for encoding by URL...
@jerbob92 Thank you. As you said, there was a problem. I tried to fix it. Could you review it?
@fabricioereche I have made some corrections after receiving your approval, so could you please review it again?
Could you review the PR? @thinkerou @appleboy
@thinkerou Probably a separate issue from the `CVE-2023-29401` issue. Could you reopen this issue?
@kittinunf I created a PR. Could you please review it? https://github.com/kittinunf/fuel/pull/877