search

ladjs / superagent

Ajax for Node.js and browsers (JS HTTP client). Maintained for @forwardemail, @ladjs, @spamscanner, @breejs, @cabinjs, and @lassjs.
https://ladjs.github.io/superagent/
MIT License
16.58k stars 1.33k forks source link

Security concern #1646

Closed zidingz closed 2 years ago

zidingz commented 2 years ago

Hey there!

I belong to an open source security research community, and a member (@yetingli) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

niftylettuce commented 2 years ago

You can email niftylettuce@gmail.com with the issue @yetinli and @zidingz

JamieSlome commented 2 years ago

@niftylettuce - if it is any help, you can view the report directly here:

https://huntr.dev/bounties/2036a922-794f-47cf-a557-3ca51227b55f/

It is private and only accessible to maintainers with repository write perms...