Closed haby0 closed 2 years ago
Hi @haby0 ,
Thanks for raising this issue and for not exposing the vulnerability directly on GitHub.
The first step would be to contact the OpenSfM contributors via a private message and explain more details. That would be either me, @paulinus or @YanNoun .
Best regards, Fabian
I will send you the security vulnerability through the Gmail address provided on your GitHub homepage.
One month has passed since the last communication; do you have any news to reply to me?
Hi @haby0 ,
Thanks again for reporting this issue. As I said in the mail, I forwarded this to the responsible developer and created a task. Please note that the SfM Viewer is a pure local development tool and should NOT run in a production setting, where anybody other than you can access the server! With this in mind, we don't consider the "vulnerability" critical, thus it's not really high up in our list of tasks.
Since this is an open source project, there's always the possibility to create a PR that fixes the vulnerability. Feel free to go this way and link to this issue :D
Thanks again and looking forward to your contribution.
Best, Fabian
What would be the right contact to report a security vulnerability? Thanks!