I'd like to report a security vulnerability in nanohttpd. If a maintainer could kindly provide a list of GitHub usernames to include in a GitHub security advisory, I'd be happy to discuss this vulnerability privately.
If instead you'd like to disclose this vulnerability under this project, please don't hesitate to create a GitHub Security advisory under this repository:
This vulnerability disclosure follows Google's 90-day vulnerability disclosure policy (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.
If I don't hear from a maintainer in 30 days, this vulnerability will automatically become public and a CVE with no-fix-available will be automatically issued.
I'd like to report a security vulnerability in nanohttpd. If a maintainer could kindly provide a list of GitHub usernames to include in a GitHub security advisory, I'd be happy to discuss this vulnerability privately.
https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-2r85-x9cf-8fcg
If instead you'd like to disclose this vulnerability under this project, please don't hesitate to create a GitHub Security advisory under this repository:
https://github.com/NanoHttpd/nanohttpd/security/advisories
This vulnerability disclosure follows Google's 90-day vulnerability disclosure policy (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.
If I don't hear from a maintainer in 30 days, this vulnerability will automatically become public and a CVE with no-fix-available will be automatically issued.