Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Potential security issue #1443

Closed
JamieSlome opened this issue Jan 6, 2022 · 7 comments · Fixed by #1449
Closed

Potential security issue #1443

JamieSlome opened this issue Jan 6, 2022 · 7 comments · Fixed by #1449

Comments

@JamieSlome
Copy link
Contributor

Hey there!

I belong to an open source security research community, and a member (@ranjit-git) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)
@jimmywarting
Copy link
Collaborator

contact [email protected]

@JamieSlome
Copy link
Contributor Author

@jimmywarting - thanks for the heads up!

If you would prefer, you can view the report directly here:

https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/

It is private and only accessible to maintainers with repository write permissions.

@jimmywarting jimmywarting mentioned this issue Jan 13, 2022
Merged
4 tasks
@JamieSlome
Copy link
Contributor Author

@jimmywarting - if possible, could you kindly update the status of the report to valid/invalid?

This will make sure the researcher gets rewarded for their work, and you can also bag a bounty yourself for fixing it ❤️

@ranjit-git
Copy link

As the bug is fixed plz Mark the report as valid

@ranjit-git
Copy link

Ops sorry @JamieSlome
I did not see you commented

@jimmywarting
Copy link
Collaborator

Reported it as valid, and fixed in a PR will be released soon i hope: see #1451
needs one member to accept it first

@JamieSlome
Copy link
Contributor Author

@jimmywarting - thanks for the support here!

@Abdul1110 Abdul1110 mentioned this issue May 12, 2022
Open
@debricked debricked bot mentioned this issue May 16, 2022
Merged
@debricked debricked bot mentioned this issue Jul 18, 2022
Closed
@Svetlana-github Svetlana-github mentioned this issue May 16, 2022
Open
@yangricardo yangricardo mentioned this issue Apr 5, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(Headers): don't forward secure headers to 3th party jimmywarting/node-fetch
3 participants
@jimmywarting @ranjit-git @JamieSlome