ant-design-blazor / ant-design-blazor

🌈A rich set of enterprise-class UI components based on Ant Design and Blazor.
https://antblazor.com/
MIT License
5.91k stars 1.09k forks

Security vulnerability report #4454

Open JarLob opened 3 weeks ago

JarLob commented 3 weeks ago

Hello, I'm a member of GitHub Security Lab. How can we report a security vulnerability in ant-design-blazor? We have tried sending email to shunjiey at hotmail.com on 2024-10-10, but didn't get a response.

@Epictek @ElderJames @mutouzdl @anddrzejb

petercat-assistant[bot] commented 3 weeks ago

To report a security vulnerability in ant-design-blazor, it's important to follow the project's security policy. Typically, open-source projects have a dedicated security contact or a process for reporting vulnerabilities. Here are some general steps you can take:

  1. Check the Security Policy: Look for a SECURITY.md file in the repository, which often contains instructions on how to report vulnerabilities.

  2. Contact Maintainers: If the email you tried didn't get a response, you might want to try reaching out to the maintainers through other means, such as opening a private issue if the repository supports it, or contacting them through their GitHub profiles.

  3. GitHub Security Advisories: You can also use GitHub's security advisories feature to report vulnerabilities directly through GitHub if the repository has it enabled.

Since you mentioned that you didn't get a response from the email, I recommend checking the repository for any additional contact information or security reporting guidelines. If you need further assistance, feel free to ask!

ElderJames commented 3 weeks ago

Hello @JarLob, I'm sorry I didn't catch your email. May I ask what is the best way to do this? Because I don't know much about it yet.

JarLob commented 3 weeks ago

I think the most convenient would be if you could enable private advisories in the repository. This would allow us to continue the conversation in a private space with the maintainers. Otherwise any email limited to maintainers is fine too. Should I just repeat the email to shunjiey at hotmail.com? Is it the correct address?

ElderJames commented 3 weeks ago

Yes, the email address is correct.

JarLob commented 3 weeks ago

Just resent it. Please check your spam folder if needed and confirm receipt.