serbanghita / Mobile-Detect

Mobile_Detect is a lightweight PHP class for detecting mobile devices (including tablets). It uses the User-Agent string combined with specific HTTP headers to detect the mobile environment.

Home Page: http://mobiledetect.net

Trying to get in touch regarding a security issue

psmoros opened this issue

Hello 👋

I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@NitescuLucian) has found a potential issue, which I would be eager to share with you.

Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.

Looking forward to hearing from you 👍

(cc @huntr-helper)

@psmoros I will add a SECURITY.md file today; reach me at serbanghita@gmail.com.

I have removed the file from the git tag archive for future versions, although this is not a real security issue:

exportToJSON.php is not a file that is used in an exposed public setting. The MobileDetect library is a PHP script that is used by including the src/MobileDetect.php file in your project (via the autoloader or manually), but exportToJSON.php is a utility script that is not intended for public use or inclusion.

A good thing about this report is that I will exclude this file from the following git tag archives because it's intended only for developers, and they can use the git clone feature directly rather than an actual git release archive.
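One way to carry out the exclusion described in the comment above, as an added example that is not the project's own code: the thread does not say which mechanism the maintainer used, so the `.gitattributes` `export-ignore` rule shown here is an assumption, and the repository contents are a constructed fixture with placeholder files. The check at the end verifies that the archive `git archive` produces (the same mechanism behind tag archives) contains the library entry point but not the developer utility.

```shell
#!/bin/sh
# Added example, not part of the Mobile-Detect repository. Shows how a
# developer-only script can be kept out of `git archive` output with a
# .gitattributes export-ignore rule, and how to verify the result.
# Repo layout (src/MobileDetect.php, exportToJSON.php) is constructed;
# file contents are placeholders.
set -e

# Build a throwaway repo with the two files discussed, mark the utility
# script export-ignore, and print the paths contained in the archive.
archive_paths() {
    repo=$(mktemp -d)
    (
        cd "$repo"
        git init -q
        mkdir src
        printf '<?php // library entry point (placeholder)\n' > src/MobileDetect.php
        printf '<?php // developer utility (placeholder)\n' > exportToJSON.php
        # Exclude the utility script from every archive built from a tag/commit.
        printf 'exportToJSON.php export-ignore\n' > .gitattributes
        git add .
        git -c user.name=example -c user.email=example@example.invalid \
            commit -q -m 'constructed fixture'
        # tar -t lists the archive's paths without extracting anything.
        git archive --format=tar HEAD | tar -tf -
    )
    rm -rf "$repo"
}

# Return 0 when the archive contains the library but not the utility script.
check_archive() {
    paths=$(archive_paths)
    echo "$paths" | grep -q '^src/MobileDetect.php$' || return 1
    ! echo "$paths" | grep -q 'exportToJSON.php'
}

check_archive && echo "exportToJSON.php is absent from the release archive"
```

The same check can be run against a downloaded tag archive with `tar -tzf` to confirm a published release no longer ships the file.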