sbrl / Pepperminty-Wiki

A wiki in a box
https://peppermint.mooncarrot.space/
Mozilla Public License 2.0

Security Issues #222

Closed hmaverickadams closed 2 years ago

hmaverickadams commented 2 years ago

Hi,

I am a penetration tester and discovered a couple of vulnerabilities within your application. I will be applying for CVE status on the findings, but would like to work with you on the issues if possible. I could not locate an email, so please feel free to shoot me your contact info if possible.

Thank you!

sbrl commented 2 years ago

Hello!

Sorry, I've been away taking some time off for the last 3 weeks. Sure, my contact details can be found on my website: https://starbeamrainbowlabs.com

See also my Twitter: @SBRLabs

sbrl commented 2 years ago

Creating public GitHub repos for security issues before disclosing is NOT responsible disclosure:

You have deleted the issues on these repos that I opened to try and contact you. I have my email address and contact instructions in these places:

...so I'm surprised you can't find my email address.

I'm beginning a systematic review of every line of code in Pepperminty Wiki for the issues described in the above repositories (though the wiki name one is hardly a proper vulnerability considering you need the site secret to fill in that form, and then you can't fill it in again - still, I've fixed it anyway).

sbrl commented 2 years ago

Phew, that took forever. Making a new release.

sbrl commented 2 years ago

Since you're not replying and I'm pretty sure I've fixed the issue, I'm closing this issue. If there's more to discuss, I'll happily re-open.