Security concern
Hey there!
I belong to an open source security research community, and a member (@ry0tak) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
Hey! I just noticed this issue and as it seems, I might be the best person to contact here as my fork is one of the only ones (if not even the only one) actively being maintained.
You can find my SECURITY.md file here: https://github.com/ThexXTURBOXx/dex2jar/blob/main/SECURITY.md
@ThexXTURBOXx - thanks for getting in touch here! ❤️
@Ry0taK - would you be happy to re-disclose against this other fork of the repository?
Hi @JamieSlome @Ry0taK, any news on this? I have not received anything via email yet, as far as I am aware :)
@ThexXTURBOXx @JamieSlome I'm terribly sorry, I completely missed this thread. I've submitted the report on huntr.dev, so you should receive the email from them within a few days.
@Ry0taK - thanks for your effort here! ❤️
@ThexXTURBOXx - you can view the report directly here: https://huntr.dev/bounties/0a732190-b846-4588-aed5-8e976bd98cc2/
@Ry0taK @JamieSlome Thank you very much for getting in touch with me! I have fixed the issue (hopefully) accordingly. At least, I am not able to apply this attack anymore in version 45.
@ThexXTURBOXx - great 👍