Trying to get in touch regarding a security issue #65
Comments
|
Since the developers didn't respond, This project already have bug bounty program on bugcrowd: https://bugcrowd.com/xfinity-opensource, issues could be reported over there |
|
Thanks! |
|
@JamieSlome since it has been almost six months now, do you think you could disclose the issue so that users of uri-js can decide whether they need to protect themselves? It is a popular package in a lot of dependency trees, including eslint -> ajv -> uri-js. |
|
@ivan - you can find the report here, which ended up being a non-security issue: https://huntr.dev/bounties/28df74b0-9b0b-4c0f-adef-7630dc5f5b1d/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi there,
I couldn't find a
SECURITY.mdin your repository and am not sure how to best contact you privately to disclose a security issue.Can you add a
SECURITY.mdfile with an e-mail to your repository, so that our system can send you the vulnerability details? GitHub suggests that a security policy is the best way to make sure security issues are responsibly disclosed.Once you've done that, you should receive an e-mail within the next hour with more info.
Thanks! (cc @huntr-helper)
The text was updated successfully, but these errors were encountered: