scVENUS / PeekabooAV

Peekaboo Extended Email Attachment Behavior Observation Owl
https://peekabooav.de
GNU General Public License v3.0

Security vulnerability: Regex matching in ruleset #185

Closed mardom1 closed 3 years ago

mardom1 commented 3 years ago

We found a vulnerability in the way regex expressions are matched in rules.

What is the proper way to disclose such vulnerabilities?

michaelweiser commented 3 years ago

Thanks for the report. You can send an email with the details to security@peekabooav.de.

michaelweiser commented 3 years ago

We have received your detailed information. We have reproduced the issue and are working on a fix. I will make this issue confidential for now. It will be restored to public access for further tracking and documentation once a fix is released. If you have any further comments or details you can send them to security@peekabooav.de as before. Thank you!

michaelweiser commented 3 years ago

The issue has been fixed in development by commit https://github.com/scVENUS/PeekabooAV/commit/a839b795cbd2776df8cccc4302a8f35a52de7119. This change is part of release 2.0.1, available since yesterday afternoon at https://github.com/scVENUS/PeekabooAV/releases/tag/v2.0.1. Thanks for your report and detailed analysis, @mardom1.