Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Issue #368

Closed
J-GainSec opened this issue Jul 27, 2022 · 4 comments
Closed

Security Issue #368

J-GainSec opened this issue Jul 27, 2022 · 4 comments
Assignees
@ryanlelek
Labels
pending Pending Close. Respond priority Important security Security Questions and Reports

Comments

@J-GainSec
Copy link

Hi, I found three security issues within your application. I'm hoping to get in touch to disclose further details about them. If you can reach out via GitHub or security@gainsecmail.com I will share the details privately.

Thank you for your time
@ryanlelek ryanlelek added the priority Important label Jul 27, 2022
@ryanlelek
Copy link
Owner

Thank you, emailed
cc @gilbitron

This was referenced Aug 4, 2022
Merged
Merged
@ryanlelek
Copy link
Owner

Should be fixed in Release v0.17.1
Thank you for reporting

@ryanlelek ryanlelek added the pending Pending Close. Respond label Aug 9, 2022
@ryanlelek
Copy link
Owner

@J-GainSec Hi there.
I see the CVEs flowing into the automated reporting systems.
Were you able to re-test v0.17.1 with patches? (If not that's ok)

Anything else you need or can we close this issue?

@ryanlelek ryanlelek added the security Security Questions and Reports label Aug 12, 2022
@ryanlelek ryanlelek self-assigned this Aug 12, 2022
@J-GainSec
Copy link
Author

I have not but I'm happy too in the upcoming week if you'd like.

I'm all good if not. You can close the issue.

Thank you for your responsiveness and professionalism.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ryanlelek ryanlelek

Labels
pending Pending Close. Respond priority Important security Security Questions and Reports
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ryanlelek @J-GainSec