ethjs-util

Trying to get in touch regarding a security issue

Open JamieSlome opened this issue 4 years ago • 6 comments

Hey there!

I'd like to report a security issue but cannot find contact instructions on your repository.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

JamieSlome, Sep 19 '21 14:09

@JamieSlome you should do full disclosure, the time has passed

paulmillr, May 08 '23 21:05

@psmoros (cc)

JamieSlome, May 09 '23 10:05

Last commit was 5 years ago, I doubt someone will reply.

paulmillr, May 09 '23 16:05

I can't find Nick's email anywhere... If you find it, feel free to privately reach out; otherwise you can just as well open a public issue.

psmoros, May 22 '23 16:05

I would really say go full disclosure, ethjs-util is used all over the ecosystem - and keeping the vuln closed endangers users

paulmillr, May 22 '23 16:05

Agreed! Sorry, I thought you were the original author of the report. We will triage it internally and take a decision soon :)

psmoros, May 22 '23 16:05