mitre / multiscanner

Modular file scanning/analysis framework
http://multiscanner.readthedocs.io/

Path Traversal #159

Open tch1bo opened 5 years ago

tch1bo commented 5 years ago

Hello,

I have discovered a piece of code vulnerable to Path Traversal attacks (https://www.owasp.org/index.php/Path_Traversal). In short, the attacker might be able to read arbitrary files from the server.

I don't know if the code is deployed anywhere, so I think that disclosing the vulnerability directly here without asking your opinion would be unethical.

Please let me know what is the preferred way of disclosing vulnerabilities for the project.

Thanks!

ptcNOP commented 5 years ago

Thank you for reporting. Are you comfortable with us reaching out via email?

tch1bo commented 5 years ago

Sure. Should I use this one: opensource@mitre.org?

ptcNOP commented 5 years ago

That will work.