ArthurSonzogni / Diagon

Interactive ASCII art diagram generators. :star2:
https://arthursonzogni.com/Diagon/
MIT License

Security vulnerabilities #65

Closed talos-vulndev closed 1 year ago

talos-vulndev commented 1 year ago

Hello, the Cisco Talos team found a security vulnerability affecting Diagon. As this is a sensitive security issue, this message is to request a PGP key for further communication. Please acknowledge receipt of this message by email to vulndiscovery@external.cisco.com.

For further information about the Cisco Vendor Vulnerability Reporting and Disclosure Policy, please refer to this document, which also links to our public PGP key: https://tools.cisco.com/security/center/resources/vendor_vulnerability_policy.html

Please CC vulndiscovery@external.cisco.com on all correspondence related to this issue.

ArthurSonzogni commented 1 year ago

Hello, thanks for reporting bugs.

Instead of using PGP, you can also use GitHub: https://github.com/ArthurSonzogni/Diagon/security/advisories/new

My PGP keys are: https://keyserver.ubuntu.com/pks/lookup?op=get&search=sonzogniarthur@gmail.com

I will send an email, as you asked.

ArthurSonzogni commented 1 year ago

Fixed in v1.1.158. See the two CLs above.

I released the new version. I rolled out the new version as "stable" in the Linux snap. This should update the ~80 existing users.

I ran the fuzzer for a long time and did not find anything new.