How can I report a potential security vulnerability?

ytdl-org / youtube-dl

Command-line program to download videos from YouTube.com and other video sites

http://ytdl-org.github.io/youtube-dl/

The Unlicense

130.1k stars 9.81k forks source link

How can I report a potential security vulnerability? #30756

Open gamer191 opened 2 years ago

gamer191 commented 2 years ago

Checklist

[x] I'm asking a question
[x] I've looked through the README and FAQ for similar questions
[x] I've searched the bugtracker for similar questions including closed ones

Question

To whom it may concern, I have found a potential security issue in Youtube-DL. I'm wondering what the best way for me to report it is? Kind regards, Gamer191

pukkandan commented 2 years ago

dirkf commented 2 years ago

If you were to clone the repo and exercise the git log function, a suitable email address might be revealed.

Having said that, I am sceptical that any yt-dl bug would present a sufficiently serious vulnerability, in the absence of an underlying OS or Python vulnerability, to merit private disclosure.

gamer191 commented 2 years ago

Whoops, I forgot about this, I will send an email now

Having said that, I am sceptical that any yt-dl bug would present a sufficiently serious vulnerability, in the absence of an underlying OS or Python vulnerability, to merit private disclosure.

It almost certainly doesn't merit private disclosure, but I'm not a security expert, so I'm not going to make that call

JarLob commented 1 month ago

@dirkf Could you please confirm that the email to report potential security issues is fieldhouse<>gmx.net?