Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #90 from daviddraw/dev
edits
Showing 7 changed files with 37 additions and 29 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
--- | ||
title: Report a draw.io vulnerability on huntr.dev | ||
layout: page | ||
faq: true | ||
categories: [Trust] | ||
--- | ||
|
||
diagrams.net has registered its draw.io application repositories ([jgraph/drawio](https://github.com/jgraph/drawio) and [jgraph/drawio-desktop](https://github.com/jgraph/drawio-desktop)) on [huntr.dev](https://huntr.dev/). This service is used by security researchers and developers to report security vulnerabilities in any GitHub repository, and receive a bug-bounty for their report. | ||
|
||
1. Authorise [huntr.dev](https://huntr.dev/) to access your GitHub account, if you haven't already done so - click on _Login_ in the top right of the page, and follow the prompts to authorise access. | ||
2. View the [jgraph/drawio](https://huntr.dev/bounties/?target=https%3A%2F%2Fgithub.com%2Fjgraph%2Fdrawio) or the [jgraph/drawio-desktop](https://huntr.dev/bounties/?target=https%3A%2F%2Fgithub.com%2Fjgraph%2Fdrawio) listing. | ||
3. Click on the _Submit report_ link - below and to the right of the listing - and fill in the report form with as much detail as you can. | ||
|
||
**Note:** Reporting the same bug in both repositories will mark one as a duplicate. | ||
|
||
We will review and validate your report if the bug is indeed a security risk. You'll receive a notification via email on validation and confirmation of a bug-fix once it is released. | ||
|
||
At this point, huntr.dev will calculate the CVE bounty - based on the severity of the valid and fixed security vulnerability - then release the bounty to you as per their payment terms. |
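
Review bot: In step 2 the jgraph/drawio-desktop link uses the same query string as the jgraph/drawio link (`?target=https%3A%2F%2Fgithub.com%2Fjgraph%2Fdrawio`), so both entries open the drawio listing and a reporter looking for the desktop repository lands on the wrong page. The second link's `target` value should encode the jgraph/drawio-desktop repository URL instead. This matters more given the note about duplicates: a report filed against the wrong listing is likely to be the one marked as a duplicate. Separately, "We will review and validate your report if the bug is indeed a security risk" reads as if review is conditional on the outcome; consider "We will review your report and validate it if the bug is indeed a security risk."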