Open lbettels opened 3 weeks ago
Hi lbettels,
Thanks for sharing your finding of a potential vulnerability on our project code.
We thank your insight and suggest a video conference with the other contributors (Diogo, Francisco and Isaak), so that you can explain where the attack vulnerability is, and best ways to fix it.
If you're not comfortable with a video conference, you can perhaps explain the issue in text through email, using this communication channel, making sure you copy all contributor emails added.
Al the best
Nuno
On Sat, 24 Aug 2024 at 13:22, lbettels @.***> wrote:
To whom it may concern,
I am a student researching a security vulnerability and may have identified one in your application. What is your prefered way of disclosing the vulnerability?
Cheers, lbettels
— Reply to this email directly, view it on GitHub https://github.com/cenoteandoDB/cenoteando/issues/97, or unsubscribe https://github.com/notifications/unsubscribe-auth/AS7TU4I4LCS7HMNKNQ2VDLDZTB3HJAVCNFSM6AAAAABNBRR47WVHI2DSMVQWIX3LMV43ASLTON2WKOZSGQ4DINJVGAYDGNI . You are receiving this because you are subscribed to this thread.Message ID: @.***>
--
Nuno Simoes Ph.D. UMDI-Sisal, Facultad de Ciencias, UNAM Sisal, Yucatán, México
http://www.bdmy.org.mx http://www.bdmy.org.mx piecemo.sisal.unam.mx http://piecemo.sisal.unam.mx/ http://www.cenoteando.com http://www.sisal.unam.mx/
Hey mfanito,
I apologize for the delay, the last weeks have been really busy for me. I will gladly send you an Email explaining the vulnerability, as a video conference does not suit me at the moment.
Also, I was only able to find Diogo's mail on his profile. Is it fine with all of you if I send the Mail to him?
Cheers! lbettels
Hi Yes, please. Send the mail to Diogo. All the best Nuno
On Tue, 3 Sept 2024 at 13:45, lbettels @.***> wrote:
Hey mfanito,
I apologize for the delay, the last weeks have been really busy for me. I will gladly send you an Email explaining the vulnerability, as a video conference does not suit me at the moment.
Also, I was only able to find Diogo's mail on his profile. Is it fine with all of you if I send the Mail to him?
Cheers! lbettels
— Reply to this email directly, view it on GitHub https://github.com/cenoteandoDB/cenoteando/issues/97#issuecomment-2326434178, or unsubscribe https://github.com/notifications/unsubscribe-auth/AS7TU4N22RX2JGG74LNCI5LZUWVQFAVCNFSM6AAAAABNBRR47WVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGMRWGQZTIMJXHA . You are receiving this because you commented.Message ID: @.***>
--
Nuno Simoes Ph.D. UMDI-Sisal, Facultad de Ciencias, UNAM Sisal, Yucatán, México
http://www.bdmy.org.mx http://www.bdmy.org.mx piecemo.sisal.unam.mx http://piecemo.sisal.unam.mx/ http://www.cenoteando.com http://www.sisal.unam.mx/
I just sent the Mail. I hope the description is helpful, if any questions arise feel free to contact me.
Cheers, lbettels
To whom it may concern,
I am a student researching a security vulnerability and may have identified one in your application. What is your prefered way of disclosing the vulnerability?
Cheers, lbettels