Comments (4)

DanielRuf avatar DanielRuf commented on May 20, 2024

Hi @zidingz,

Please send me the details to [email protected]. Also, my email address is in every commit message.

from html-minifier-terser.

DanielRuf avatar DanielRuf commented on May 20, 2024

I think something went terribly wrong with huntr:

I've got 6 emails, 4 of them with the same subject line:

[ Cross-Site Request Forgery (CSRF) ] New Security Issue in cachet

[ Unimplemented or Unsupported Feature in UI ] New Security Issue in cachet

[ Insufficient Documentation of Error Handling Techniques ] New Security Issue in cachet

[ Insufficient Documentation of Error Handling Techniques ] New Security Issue in cachet

[ Insufficient Documentation of Error Handling Techniques ] New Security Issue in cachet

[ Insufficient Documentation of Error Handling Techniques ] New Security Issue in cachet

A totally different project, and it seems you reported these things to a fork of the original project, which doesn't make much sense. And most of them are duplicates.

Screenshot 2021-09-01 at 19 27 38

Screenshot 2021-09-01 at 19 32 15

Also, leaking details regarding other unrelated projects is not great either:

Screenshot 2021-09-01 at 19 26 43

Sending details to the wrong persons is critical. Please check this with your team before sending any emails, and preferably remove this "other advisories" part on the right side, which leaks details regarding different projects. It seems your team and project lack some good security practices in general, @JamieSlome.

JamieSlome avatar JamieSlome commented on May 20, 2024

@DanielRuf - thanks for your comments and for sharing this with us.

With regards to the e-mails, I apologise that these were sent over to you. We have identified the cause and will be reviewing this tomorrow to ensure it doesn't happen again.

The links provided for other projects on reports are only visible if the vulnerability has been patched, and so no details are being leaked cross-projects.

Nonetheless, I will review your comments with the team and thank you for your patience! 🍰


zidingz avatar zidingz commented on May 20, 2024

@DanielRuf So sorry for this! We've identified the cause and remedied the permissions.

I've just sent you the correct email regarding the issue in html-minifier-terser.

Thank you so much for bringing attention to our error; it's of utmost importance that we take extra care in future.
