disease-sh / API

API for Current cases and more stuff about COVID-19 and Influenza
https://disease.sh
GNU General Public License v3.0

Potential Security Issue #1012

Closed JamieSlome closed 3 years ago

JamieSlome commented 3 years ago

Hello,

We have received a potential vulnerability disclosure against your repository from @hakkk3r. I followed your SECURITY.md and have created this issue to notify you.

The report is private to the maintainers and discloser of the vulnerability and can be found here. If you prefer to receive the details of the vulnerability via e-mail or on this issue instead, let me know and I will be more than happy to facilitate this for you.

-- Jamie from huntr.dev 🍰

mymindishazel commented 3 years ago

Hi!

I'll be taking care of this; sadly I can't access the actual vulnerability details.

JamieSlome commented 3 years ago

Hello @PrincessRavy - I have granted you access now, apologies!

-- Jamie

ebwinters commented 3 years ago

@JamieSlome I can't see the report either! Also FYI nobody is going to pay you $40, you'll have to pay whoever found the "vulnerability" the money lol

mymindishazel commented 3 years ago

I've responded on the advisory on huntr; tl;dr what ethan said, this is used in frontend to show a preview of our API and doesn't affect the consumer or us in any way, hence low severity. Not sure whether this will be accepted as a valid issue here, we'll look into it with our frontend dev.

e: Thanks for the responsible disclosure though! :D

JamieSlome commented 3 years ago

@ebwinters @PrincessRavy - I am one of the staff members from huntr.dev! I am purely facilitating on behalf of @hakkk3r, the original discloser.

If the report is invalid in your eyes, feel free to let me know and I can mark the report accordingly, otherwise you can do this yourself on the platform.

I will get you access to the advisory now @ebwinters - we are currently in the process of re-building the way we get maintainers to access private advisories. Apologies in the interim.

Let me know if any more questions!

JamieSlome commented 3 years ago

@ebwinters - just checked, you should have access to the report? By default, we responsibly disclosed, so we do not allow any public or authed user to view your reports, hence we currently require sign-in to view the details.

However, if you are anti-signing up, more than happy to send the report to a preferred e-mail address of your choosing?

Here to help!

ebwinters commented 3 years ago

makes sense the advisory is blocked to the public lol. Going to close this issue as it is not user impacting in any way! Thanks for submitting