Trying to get in touch regarding a security issue
psmoros opened this issue
Hello 👋
I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@NitescuLucian) has found a potential issue, which I would be eager to share with you.
Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.
Looking forward to hearing from you 👍
(cc @huntr-helper)
@psmoros I will add a SECURITY.md file today, reach me at serbanghita@gmail.com
I have removed the file from the git tag archive for future versions, although this is not a real security issue:
exportToJSON.php is not a file that is being used in an exposed public setting. The MobileDetect library is a PHP script that is being used by including the src/MobileDetect.php file in your project (autoloader or manually), but exportToJSON.php is a utility script that is not intended for public use or inclusion.
A good thing about this report is that I will exclude this file from the following git tag archives because it's intended only for developers, and they can directly use the git clone feature, not an actual git release archive.