pantsel / konga

More than just another GUI to Kong Admin API

Trying to get in touch regarding a security issue

JamieSlome opened this issue

Hey there!

I belong to an open source security research community, and a member (@whokilleddb) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

Has the issue been fixed?
Does this refer to the Konga GUI or is it something about the Kong Admin API?

I'm just curious, no need to answer.

The issue has not yet been seen by the maintainer. Just for reference, the report can be found here:

https://huntr.dev/bounties/7440cefe-0b53-4f05-8ba5-43b8fac7bd4d/

It is currently private, but any maintainer with repository write permissions will be able to view it (cc @pantsel).