
🚨 Potential Security Vulnerability

Open ranjit-git opened this issue 3 years ago • 8 comments

Hi @prasathmani, two other vulnerabilities were found in your repo, please check:

  • https://huntr.dev/bounties/4-other-prasathmani/tinyfilemanager/
  • https://huntr.dev/bounties/5-other-prasathmani/tinyfilemanager/

Best regards,

zer0h-bb avatar May 25 '21 11:05 zer0h-bb

Hello @prasathmani, one more vulnerability was found in your code, visit and do check it. https://www.huntr.dev/bounties/11-other-prasathmani/tinyfilemanager/

x3rz avatar May 30 '21 13:05 x3rz

Hello, I see it has been 6 months since the bug was reported and still many of them are not validated. As the fix is taking a long time, you can validate the report now, and when the patch is ready you can confirm the fix also. The Huntr team did not process the bounty to the reporter until it is validated. We invest our time to secure open source projects and report potential security vulnerabilities to huntr responsively. If the maintainer validates them then the reporter gets the bounty, and it will encourage us to make open source projects a safer place. Thanks

ranjit-git avatar Jan 05 '22 12:01 ranjit-git

Have the security issues reported in CVE-2021-40965 5 months ago been addressed yet?

For more information, please see: https://www.cvedetails.com/cve/CVE-2021-40965/

michael-milette avatar Feb 05 '22 02:02 michael-milette

Not actively contributing now, will fix all this in a future release.

prasathmani avatar Feb 05 '22 03:02 prasathmani

Fix to path traversal vulnerability #718 by @joaogmauricio.

prasathmani avatar Feb 12 '22 08:02 prasathmani

Hello, @prasathmani - 5 potential high severity security vulnerabilities in your repository have been disclosed to huntr.

Visit the report URLs and validate them:

  • https://www.huntr.dev/bounties/6-other-prasathmani/tinyfilemanager/
  • https://www.huntr.dev/bounties/7-other-prasathmani/tinyfilemanager/
  • https://www.huntr.dev/bounties/8-other-prasathmani/tinyfilemanager/
  • https://www.huntr.dev/bounties/9-other-prasathmani/tinyfilemanager/
  • https://www.huntr.dev/bounties/10-other-prasathmani/tinyfilemanager/

@prasathmani Can you plz validate/invalidate those reports in huntr so that huntr can give the bounty?

ranjit-git avatar Feb 12 '22 08:02 ranjit-git

Not only these but all mentioned reports, thanks.

x3rz avatar Feb 12 '22 12:02 x3rz

This issue is addressed in the new release.

prasathmani avatar Nov 19 '22 20:11 prasathmani

Thank you @prasathmani!

michael-milette avatar Nov 21 '22 17:11 michael-milette