Trying to get in touch regarding a security issue
psmoros opened this issue Β· comments
Hello π
I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@cupc4k3) has found a potential issue, which I would be eager to share with you.
Could you add a SECURITY.md
file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.
Looking forward to hearing from you π
(cc @huntr-helper)
Hello, we have the email listed right on the README: https://github.com/pyrocms/pyrocms#security
Before sharing, just know that I am not interested in "vulnerabilities" from within the control panel that require admin authentication in order to execute, unless that authentication is gained through a vulnerability. This software only very lightly sanitizes administrative input from within the control panel.