How to get in touch regarding a security concern
psmoros opened this issue Β· comments
Hello π
I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@nightfury99) has found a potential issue, which I would be eager to share with you.
Could you add a SECURITY.md
file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.
Looking forward to hearing from you π
(cc @huntr-helper)
Thanks for the feedback! I just configure the security policy https://github.com/KnpLabs/snappy/blob/master/SECURITY.md. Looking forward to hear from you!
Fixed in #469
Hi @AntoineLelaisant can you please attribute credit to @nightfury99 instead of me? Also should we attribute a CVE for the finding? :)
Credits updated π!
We already asked for a CVE from Github to be generated. It should be provided within 3 working days.
Thanks for your reporting!