Trying to get in touch regarding a security issue

Question

Trying to get in touch regarding a security issue

zidingz opened this issue 3 years ago · comments

Hi there,

I couldn't find a SECURITY.md in your repository and am not sure how to best contact you privately to disclose a security issue.

Can you add a SECURITY.md file with an e-mail to your repository, so that our system can send you the vulnerability details? GitHub suggests that a security policy is the best way to make sure security issues are responsibly disclosed.

Once you've done that, you should receive an e-mail within the next hour with more info.

Thanks! (cc @huntr-helper)

Krzysztof Wolski · Answer 1 · Mon Aug 02 2021 22:00:12 GMT+0800 (China Standard Time)

Hello! Thank you for the contact. Security-related address: security@saleor.io (https://github.com/mirumee/saleor/blob/master/SECURITY.md)

stale · Answer 2 · Sat Oct 02 2021 09:21:42 GMT+0800 (China Standard Time)

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Sanyam Khurana · Answer 3 · Sat Feb 26 2022 04:27:46 GMT+0800 (China Standard Time)

Was this security vulnerability resolved? @krzysztofwolski @zidingz

Jamie Slome · Answer 4 · Sun Feb 27 2022 15:49:27 GMT+0800 (China Standard Time)

@krzysztofwolski - in case you never got your hands on the report, it can be found here:

https://huntr.dev/bounties/566d11fc-fe96-4049-b2d5-a971800ca8b0/