americanexpress / jest-image-snapshot

✨ Jest matcher for image comparisons. Most commonly used for visual regression testing.
Apache License 2.0

Reporting a vulnerability #330

Closed igibek closed 1 year ago

igibek commented 1 year ago

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security researchers to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

Matthew-Mallimo commented 1 year ago

Hello!

At American Express, we take cybersecurity seriously and value the contributions of the security community at large. The responsible disclosure of potential issues helps us ensure the security and privacy of our customers and data. If you believe you’ve found a security issue in one of our products or services, please send it to us and include the following details with your report:

- A description of the issue and where it is located.
- A description of the steps required to reproduce the issue.

Please note that this should not be construed as encouragement or permission to perform any of the following activities:

- Hack, penetrate, or otherwise attempt to gain unauthorized access to American Express applications, systems, or data in violation of applicable law;
- Download, copy, disclose or use any proprietary or confidential American Express data, including customer data; and
- Adversely impact American Express or the operation of American Express applications or systems.

American Express does not waive any rights or claims with respect to such activities.

Please email your message and any attachments to responsible.disclosure@aexp.com

Thank you for helping us keep American Express customers and data safe.