ShokoAnime / ShokoServer

Repository for Shoko Server.
http://shokoanime.com/shoko-server/
MIT License
374 stars 74 forks

Vulnerability Disclosure GitHub Security Lab #1088

Closed Kwstubbs closed 9 months ago

Kwstubbs commented 9 months ago

I am from GitHub Security Lab and we noticed a security issue in your repo. Can you please enable Private Vulnerability Reporting in your repo so that we can communicate the issue and help you fix it? Thanks

da3dsoul commented 9 months ago

No offense, but we've got more than a few security issues, which we are slowly working to resolve. For now, we recommend that our users not host Shoko on any public endpoints. I can enable this feature, as you suggest, but things like possible remote code execution, filesystem access, and a generally bad user system are issues we are aware of.

Kwstubbs commented 9 months ago

@da3dsoul Please open Private Vulnerability Reporting and I will submit the report. I am happy to develop a patch to take the work off your hands and give you suggestions on any other vulnerabilities that you know of. This issue is obvious and the fix is quite easy so should not take too long.

Kwstubbs commented 9 months ago

Closing