Closed JamieSlome closed 3 years ago
Hi!
I'll be taking care of this; sadly I can't access the actual vulnerability details.
Hello @PrincessRavy - I have granted you access now, apologies!
-- Jamie
@JamieSlome I can't see the report either! Also, FYI, nobody is going to pay you $40; you'll have to pay whoever found the "vulnerability" the money lol
I've responded on the advisory on huntr; tl;dr what Ethan said: this is used in the frontend to show a preview of our API and doesn't affect the consumer or us in any way, hence low severity. Not sure whether this will be accepted as a valid issue here; we'll look into it with our frontend dev.
e: Thanks for the responsible disclosure though! :D
@ebwinters @PrincessRavy - I am one of the staff members from huntr.dev! I am purely facilitating on behalf of @hakkk3r, the original discloser.
If the report is invalid in your eyes, feel free to let me know and I can mark the report accordingly, otherwise you can do this yourself on the platform.
I will get you access to the advisory now @ebwinters - we are currently in the process of re-building the way we get maintainers to access private advisories. Apologies in the interim.
Let me know if you have any more questions!
@ebwinters - just checked, you should have access to the report? By default, we disclose responsibly, so we do not allow any public or authenticated user to view your reports, hence we currently require sign-in to view the details.
However, if you are against signing up, I'm more than happy to send the report to a preferred e-mail address of your choosing?
Here to help!
Makes sense the advisory is blocked to the public lol. Going to close this issue as it is not user impacting in any way! Thanks for submitting.
Hello,
We have received a potential vulnerability disclosure against your repository from @hakkk3r. I followed your SECURITY.md and have created this issue to notify you. The report is private to the maintainers and discloser of the vulnerability and can be found here. If you prefer to receive the details of the vulnerability via e-mail or on this issue instead, let me know and I will be more than happy to facilitate this for you.
-- Jamie from huntr.dev 🍰