[security] Add credits for CVE-2022-0686

unshiftio · Feb 19, 2022 · 61864a8 · 61864a8
1 parent bb0104d
commit 61864a8
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -33,6 +33,17 @@ acknowledge your responsible disclosure, if you wish.
 
 ## History
 
+> A URL with a specified but empty port can be used to bypass authorization
+> checks.
+
+- **Reporter credits**
+  - Rohan Sharma
+  - GitHub: [@r0hansh](https://github.com/r0hansh)
+- Huntr report: https://www.huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c/
+- Fixed in: 1.5.8
+
+---
+
 > A specially crafted URL with empty userinfo and no host can be used to bypass
 > authorization checks.