ib / xarchiver

(continuation of the Xfce master branch)
GNU General Public License v2.0

Security Vulnerability report #183

Closed febinrev closed 11 months ago

febinrev commented 1 year ago

I am a security researcher, and I have found a security vulnerability in Xarchiver and the vulnerability is capable of Remote Command Execution upon extracting a crafted Archive.

I would like to safely disclose the details about the vulnerability to the devs, please provide me with the right contact information to report the bug.

My Email: febin.sec@gmail.com

Thanks, Febin

ib commented 1 year ago

I've enabled private vulnerability reporting for the repository. You should be able to report at https://github.com/ib/xarchiver/security. If it doesn't work, please let me know. I'll have to re-check the configuration for private vulnerability reporting then.

febinrev commented 1 year ago

> I've enabled private vulnerability reporting for the repository. You should be able to report at https://github.com/ib/xarchiver/security. If it doesn't work, please let me know. I'll have to re-check the configuration for private vulnerability reporting then.

Hey, just reported the vulnerability there.

edit: Sorry for the late response, was busy last week and didn't notice your reply.

ib commented 11 months ago

Fixed. Thank you for reporting.

febinrev commented 11 months ago

Thanks!

On Wed, 27 Dec, 2023, 5:22 pm Ingo Brückl wrote:

> Fixed. Thank you for reporting.
