Security concern #370
Labels
Comments
|
@syoyo - I have updated the contents of this issue, can we re-open it? EDIT: Just for your reference, these are the two reports we received: https://huntr.dev/bounties/edfa7586-d39e-4b88-b51b-338b5922bee0/ |
|
You need to post minimal reproducible code and dataset if you find an issue. example: syoyo/tinyexr#169 |
|
I see :) Are you happy for me to share both vulnerabilities in separate GitHub Issues? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the issue
A security policy is not established for this project and it would be helpful to have an e-mail address or process that can be followed when a vulnerability has been discovered.
To Reproduce
There are no reproduction steps as this is not a bug nor a code-related issue, this is a maintenance issue.
Expected behaviour
There is no expected behaviour as this is not a bug nor a code-related issue, this is a maintenance issue.
Screenshots
Here is a screenshot of the project security policy being disabled...
Additional context
I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@Pyraun) has found a potential issue, which I would be eager to share with you.
Could you add a
SECURITY.mdfile with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.Looking forward to hearing from you 👍
(cc @huntr-helper)
The text was updated successfully, but these errors were encountered: