search

bijoutrouvaille / fireward

A concise and readable language for Firestore security rules, similar to Firebase Bolt.
MIT License
238 stars 4 forks source link

Reporting a vulnerability #56

Closed igibek closed 1 year ago

igibek commented 1 year ago

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security research to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

CharlVS commented 1 year ago

@bijoutrouvaille, can you please post an update here to acknowledge and comment on the reported vulnerability?

@igibek What is the process if the author does not engage with you to resolve the vulnerability you've uncovered? There has been little activity in this repository in the past 2 years.

bijoutrouvaille commented 1 year ago

@igibek @CharlVS enabled, thank you. The repo is not very active because this project is mostly complete and doesn't need much else.

bijoutrouvaille commented 1 year ago

No vulnerability reported, closing