gin-gonic / gin

Gin is a HTTP web framework written in Go (Golang). It features a Martini-like API with much better performance -- up to 40 times faster. If you need smashing performance, get yourself some Gin.
https://gin-gonic.com/
MIT License

Reporting a vulnerability #3563

Open igibek opened 1 year ago

igibek commented 1 year ago

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security researchers to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

Harital commented 1 year ago

I also want to privately report a vulnerability. Unfortunately, I did not find where.

jnelle commented 1 year ago

Silence is the new answer, thx @appleboy and all the other maintainers

thinkerou commented 1 year ago

v1.9.1 has been released, please see https://github.com/gin-gonic/gin/releases/tag/v1.9.1, thanks!

motoyasu-saburi commented 1 year ago

@thinkerou Probably a separate issue from the CVE-2023-29401 issue. Could you reopen this issue?

thinkerou commented 1 year ago

@appleboy and I do not have the permission; we need @javierprovecho, thanks!

Harital commented 1 year ago

I'm afraid CWE-78 is also present in v1.9.1. Do you want to open a separate issue or attach it to this one?