panique / huge

Simple user-authentication solution, embedded into a small framework.

Trying to get in touch regarding a security issue #895

Open JamieSlome opened 3 years ago

JamieSlome commented 3 years ago

Hi there,

I couldn't find a SECURITY.md in your repository and am not sure how to best contact you privately to disclose a security issue.

Can you add a SECURITY.md file with an e-mail to your repository, so that our system can send you the vulnerability details? GitHub suggests that a security policy is the best way to make sure security issues are responsibly disclosed.

Once you've done that, you should receive an e-mail within the next hour with more info.

Thanks! (cc @huntr-helper)

panique commented 3 years ago

Hi Jamie, thanks a lot, but this project reached End of Life around 6 years ago, so I'm not sure how to deal with this issue. You can reach me by using my GitHub name @web.de! See you Jamie

losttheplot commented 3 years ago

Hi Jamie, I have built a massive project starting with Huge at its core and working outwards. I'm fairly confident that what I have ended up with is secure, but never say never, and just the hint of a problem has me worried. Personally, if there is no way to publicise the issue in private, I would rather you just go ahead and post it on here... but that's just my opinion.

JamieSlome commented 3 years ago

Please refer to https://github.com/panique/huge/pull/896.

JamieSlome commented 3 years ago

@panique - alternatively, you can view the advisory here. It is only accessible to you and the researcher.

https://huntr.dev/bounties/1625876449495-panique/huge/