-
Having one of these is important, and, I would say, part of the platform's DNA: it states how it wants to treat its participants. A lousy disclosure policy says "we don't want smart, responsible users…
-
Hello maintainer(s),
I am a security researcher from the Institute of Application Security at TU Braunschweig, Germany. We discovered a (potential) security vulnerability in your project.
We wo…
-
### I have searched through the issues and didn't find my problem.
- [X] Confirm
### What would you like to share?
We should add a security policy to properly report vulnerabilities in case there a…
-
This is in flight.
-
List of To-Dos:
- Add findings
- Web server DoS
- MITM HTTPS connection of the web server (LAN)
- ~~NetCloud "Insecure Activation" bug~~
- ~~NetCloud RCE~~
- ~~mitmproxy PoC~~
-…
-
In `list.js`, you are pulling a GIF from `assets.okfn.org/images/icons/ajaxload-circle.gif`. However, `assets.okfn.org` is an S3 bucket that's misconfigured to be publicly writable.
Because of th…
-
### Describe the change
Implement Content Security Policy
### Motivation
Security (and make this one guy stop sending us responsible disclosures)
### Current implementation
No CSP headers
…
-
Hello maintainer(s),
I am a security researcher from the Institute of Application Security at TU Braunschweig, Germany. We discovered a (potential) security vulnerability in your project.
We wo…
-
Hello maintainer(s),
I am a security researcher from the Institute of Application Security at TU Braunschweig, Germany. We discovered a (potential) security vulnerability in your project.
We wo…
-
Hello maintainer(s),
I am a security researcher from the Institute of Application Security at TU Braunschweig, Germany. We discovered a (potential) security vulnerability in your project.
We wo…