Project-Pier / ProjectPier-Core

ProjectPier is a Free, Open-Source, PHP application for managing tasks, projects and teams through an intuitive web interface.
http://www.projectpier.org
GNU Affero General Public License v3.0

Security issue with 0.8.8 #29

Open lesowens321 opened 9 years ago

lesowens321 commented 9 years ago

Hi, I am a security researcher and I've found an issue in the latest version of ProjectPier (0.8.8). I'd like to coordinate disclosure of the vulnerability with a point-of-contact on the team. Alternatively, I can post the exploit here; many people prefer the off-line discussion, I'm fine either way. Per typical vulnerability disclosure policies (e.g., US-CERT, Google, Secunia, etc.), it is customary for me to disclose publicly if I am not able to reach anyone on the team to coordinate or if sufficient time has passed. Please feel free to e-mail me at lesowens321 AT gmail or reply here as to how you'd like me to communicate this. Again, I'm fine to post as a bug if you'd prefer that.

JonDeG commented 9 years ago

I'll email you.

JonDeG commented 9 years ago

I emailed you a couple days ago but did not hear back. Please let me know if you did not receive my email. Thanks.