Trying to get in touch regarding a security issue #324
Comments
@zidingz I've forked and migrated the entire codebase to ES6... maybe the issue is therefore gone?
@evdama - potentially. You can find three reports we have received against this repository here: https://huntr.dev/bounties/29bcb9c4-bf34-40a9-bf3e-34645c62789c They are all private and only accessible to maintainers with repository write permissions 👍 Let me know if you have any questions.
Ok, I see, I've forked the repo to https://github.com/evdama/is-it-check and upgraded it etc.
Therefore I don't seem to have access to the three links you provided, right?
Can you maybe go to my forked repo and create the bounties again? Then I have owner permissions, which means I can access the bounty reports on huntr.dev.
On Fri, Mar 18, 2022 at 12:39 PM Jamie Slome ***@***.***> wrote:
@evdama <https://github.com/evdama> - potentially. You can find three
reports we have received against this repository here:
https://huntr.dev/bounties/29bcb9c4-bf34-40a9-bf3e-34645c62789c
https://huntr.dev/bounties/4bedb324-6fed-422e-b4b8-3624d09ca686
https://huntr.dev/bounties/56380c87-a124-4686-8db7-1e4e42514f64
They are all private and only accessible to maintainers with repository
write permissions 👍 Let me know if you have any questions.
Ah, I see! We would require our researchers to therefore submit vulnerabilities against your repository. @yetingli and @ready-research - if you want, you are both welcome to submit your reports to the forked repository, given that the vulnerability exists 👍
Thanks @evdama and @JamieSlome. I have submitted my reports, please check them out. https://www.huntr.dev/bounties/8582ef0e-6ea1-40a3-8de0-30c53dbc76af/
First one is fixed now
Second one is fixed too... issue can be closed
So what is the solution for those of us who use packages that are dependent on the original? Is there a PR? Does someone even have authority to approve/merge a PR?
Hey there!
I'd like to report a security issue but cannot find contact instructions on your repository.
If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future. Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)