From 4f2ae676fe0482eb8354e21b63b080924c84350c Mon Sep 17 00:00:00 2001 From: Luigi Pinca Date: Thu, 17 Feb 2022 09:09:28 +0100 Subject: [PATCH] [security] Add credits for CVE-2022-0639 --- SECURITY.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index af05717..1a7cee6 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -33,6 +33,18 @@ acknowledge your responsible disclosure, if you wish. ## History +> A specially crafted URL with empty userinfo and no host can be used to bypass +> authorization checks. + +- **Reporter credits** + - Haxatron + - GitHub: [@haxatron](https://github.com/haxatron) + - Twitter: [@haxatron1](https://twitter.com/haxatron1) +- Huntr report: https://www.huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155/ +- Fixed in: 1.5.7 + +--- + > Incorrect handling of username and password can lead to authorization bypass. - **Reporter credits**
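Review bot: the new SECURITY.md entry never records the CVE identifier that the commit subject names, so a reader of the History section cannot tie the "empty userinfo and no host" description to CVE-2022-0639 without going through the Huntr link. Add the identifier alongside the other metadata of the entry, e.g. a line such as `- CVE: CVE-2022-0639` next to `- Fixed in: 1.5.7`, so the advisory text, the Huntr report and the fixed version are all cross-referenced from one place. Placement of the block directly under `## History` and ahead of the previous entry keeps the newest-first ordering, and the `---` separator matches the existing entries.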