Trying to get in touch regarding a security issue

[JamieSlome]

Hey there!

I'd like to report a security issue but cannot find contact instructions on your repository.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

[StanByes]

Hello @JamieSlome you can join our Discord and explain the issue to one "Support" or "Modérateur" or in the channel "support" ;)

[crowwd]

whats the security problem

[JamieSlome]

We received a few reports:

https://huntr.dev/bounties/56f6acea-4005-4705-ba49-6572f6044552/
https://huntr.dev/bounties/4a284b90-b10b-4e60-9c8b-b15b085f3099/
https://huntr.dev/bounties/34ab514b-199d-427c-adb2-de773ce722c7/
https://huntr.dev/bounties/b46891aa-8788-4571-a2cd-695e9760d6fa/

[StanByes]

We have a simple problem, all reports that you sended are in private mode.
Can you turn they on public mode ?

[JamieSlome]

@StanByes - you can view the reports by logging in with your GitHub account, otherwise, we can continue to make all of the reports public, if that is suitable for you and the other maintainers?

[StanByes]

I just try and I didn't access to the reports

[JamieSlome]

@StanByes - if you could let us know of an e-mail in your SECURITY.md that we can send a magic link to, then you will be able to view the report without logging in.

[nivcoo]

@StanByes - if you could let us know of an e-mail in your SECURITY.md that we can send a magic link to, then you will be able to view the report without logging in.

Hello, i've fixed 3 issues out of 4, and i've leave message into the last report, i've discuss with Labda to know how works huntr website also, for security.md i can add that but actually you can discuss with me.