nlf
commented
2 years ago the SECURITY.md has been created, thanks for the heads up!
Closed JamieSlome closed 2 years ago
nlf
commented
2 years ago the SECURITY.md has been created, thanks for the heads up!
Sampaguitas
commented
2 years ago Hi @nlf,
Thanks for your reply,
Report has been submitted to GitHub trough the link provided in your SECURITY.md file
With best regards,
Timothee
Sampaguitas
commented
2 years ago hi @nlf,
Report has been submitted to HackerOne's GitHub program as suggested in your SECURITY.md file however it seems that opensource repositories are out of scope...
You can find the vulnerability report on hunter.dev platform:
https://huntr.dev/bounties/dedc67a8-1f32-4dec-ad04-2405148e9131/
It is private and only accessible to maintainers with repository write permissions!
With best regards,
Timothee
Hey there!
I belong to an open source security research community, and a member (@sampaguitas) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a
SECURITY.mdfile with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)