PyCQA / pycodestyle

Simple Python style checker in one Python file
https://pycodestyle.pycqa.org

How to get in touch regarding a security concern #1221

Closed psmoros closed 7 months ago

psmoros commented 7 months ago

Hello 👋

I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@lujiefsi) has found a potential issue, which I would be eager to share with you.

Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.

Looking forward to hearing from you 👍

(cc @huntr-helper)

asottile commented 7 months ago

If it's a ReDoS, just post it. pycodestyle isn't really a security-sensitive library since it's just used against one's own source.

asottile commented 7 months ago

ah I remember your startup

I responsibly reported a vulnerability against it on 2020-11-29 and you did not honor any sort of bounty despite taking action on the vulnerability

pretty shameful for a security bounty startup -- you also did not respond to my inquiry about including it in a write-up