search

shaka-project / shaka-streamer

A simple config-file based approach to preparing streaming media, based on FFmpeg and Shaka Packager.
https://shaka-project.github.io/shaka-streamer/
Apache License 2.0
198 stars 62 forks source link

Security vulnerabilty #102

Closed haby0 closed 2 years ago

haby0 commented 2 years ago

What would be the right contact to report a security vulnerabilty? thanks!

joeyparrish commented 2 years ago

You can send sensitive information to shaka-player-issues@google.com. Thank you!

shaka-bot commented 2 years ago

@haby0 Does this answer all your questions? Can we close the issue?

haby0 commented 2 years ago

I sent the details of the vulnerability to the email address you gave me. But no feedback.

joeyparrish commented 2 years ago

We apologize for the delay. Thank you for your report, and your offer of a PR to fix it. A PR would be very welcome!

haby0 commented 2 years ago

@joeyparrish Please check PR.

haby0 commented 2 years ago

@joeyparrish Hi, can you disclose this vulnerability and apply for a CVE?

Reference: https://docs.github.com/en/code-security/security-advisories/creating-a-security-advisory