Hello,
I have discovered a piece of code vulnerable to Path Traversal attacks (https://www.owasp.org/index.php/Path_Traversal). In short, the attacker might be able to read arbitrary files from the server.
I don't know if the code is deployed anywhere, so I think that disclosing the vulnerability directly here without asking your opinion would be unethical.
Please let me know what the preferred way of disclosing vulnerabilities for the project is.
Thanks!