matthewwithanm / django-imagekit

Automated image processing for Django. Currently v4.0
http://django-imagekit.rtfd.org/
BSD 3-Clause "New" or "Revised" License

Potential Security Issue #523

Closed JamieSlome closed 3 years ago

JamieSlome commented 3 years ago

Hello,

We recently received a vulnerability disclosure against your repository. I couldn't find an e-mail to contact or a security process to follow, so I created this issue instead.

If you would like me to e-mail over the details or put them on the GitHub Issue, I'm more than happy to facilitate this for you. Otherwise, you can access the advisory here.

It is private to you and the discloser of the report.

If you have any questions, let me know.

-- Jamie from huntr.dev

matthewwithanm commented 3 years ago

@vstoykov Do you think you could take a look at this?

vstoykov commented 3 years ago

@JamieSlome you can email me the details. I think that you can see my email in the Github profile or in some of my commits.

The title of the issue looks interesting. I'm still not sure that it is relevant, but when the details come via e-mail I'll have a look.

JamieSlome commented 3 years ago

@vstoykov - happy to send the details over to you via e-mail!

JamieSlome commented 3 years ago

@vstoykov - I am unable to find your e-mail. Could you ping an e-mail to security@huntr.dev? I can then respond to you with the details of the vulnerability.

Cheers!

vstoykov commented 3 years ago

After reviewing the details I can confirm that this is a false positive. It is for the hard-coded security key in the test settings.
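The outcome above, a hard-coded key that exists only in the test settings, is a recurring false positive from secret scanners. The following is an added example, not code from django-imagekit or from the huntr report, showing how a maintainer could triage such findings by parsing Django settings modules and separating test-only settings from production ones; the path markers and the sample settings files are constructed assumptions.

```python
"""Triage hard-coded Django SECRET_KEY findings: test-only settings vs. production.

Added example; the sample settings modules and path heuristics are constructed.
"""
import ast
from pathlib import PurePosixPath

# Path components that mark settings used only by a test suite (assumption).
TEST_PATH_MARKERS = ("test", "tests", "testing")

# Constructed sample settings modules keyed by repository path.
SAMPLE_FILES = {
    "tests/settings.py": "SECRET_KEY = 'tests-only-not-a-real-secret'\nDEBUG = True\n",
    "myproject/settings.py": "import os\nSECRET_KEY = os.environ['DJANGO_SECRET_KEY']\n",
    "myproject/settings_prod.py": "SECRET_KEY = 'CONSTRUCTED-placeholder-hardcoded'\n",
}


def find_secret_key_literals(source: str) -> list[str]:
    """Return string literals assigned directly to SECRET_KEY in a settings module."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        names = [t.id for t in node.targets if isinstance(t, ast.Name)]
        value = node.value
        if "SECRET_KEY" in names and isinstance(value, ast.Constant) and isinstance(value.value, str):
            found.append(value.value)
    return found


def is_test_settings(path: str) -> bool:
    """True when any path component names a test location, e.g. tests/settings.py."""
    return any(part.lower().removesuffix(".py") in TEST_PATH_MARKERS
               for part in PurePosixPath(path).parts)


def triage(files: dict[str, str]) -> dict[str, str]:
    """Classify each settings module: no literal key, test-only literal, or real finding."""
    verdicts = {}
    for path, source in files.items():
        if not find_secret_key_literals(source):
            verdicts[path] = "ok: SECRET_KEY not hard-coded"
        elif is_test_settings(path):
            verdicts[path] = "false positive: test-only settings"
        else:
            verdicts[path] = "finding: hard-coded SECRET_KEY"
    return verdicts


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_FILES).items():
        print(f"{path}: {verdict}")
```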