search

martinblech / xmltodict

Python module that makes working with XML feel like you are working with JSON
MIT License
5.47k stars 463 forks source link

Found a possible security concern #279

Open zidingz opened 2 years ago

zidingz commented 2 years ago

Hey there!

I belong to an open source security research community, and a member (@yetingli) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

cena7 commented 2 years ago

what is the resolution on this ? is there anything to be alarmed before using this ?

JamieSlome commented 2 years ago

We are still waiting for a response from the maintainer regarding the issue.

The report can be found here: https://huntr.dev/bounties/b32adea9-bb33-45a5-a1ad-c504e73e907f/

It is currently private and only accessible to @martinblech 👍