multiscanner icon indicating copy to clipboard operation
multiscanner copied to clipboard
verified publisher icon mitre

Path Traversal

Open tch1bo opened this issue 7 years ago • 3 comments

Hello,

I have discovered a piece of code vulnerable to Path Traversal attacks (https://www.owasp.org/index.php/Path_Traversal). In short, the attacker might be able to read arbitrary files from the server.

I don't know if the code is deployed anywhere so, thus, i think that disclosing the vulnerability directly here without asking your opinion would be unethical.

Please let me know what is the preferred way of disclosing vulnerabilities for the project.

Thanks!

tch1bo avatar Nov 14 '18 17:11 tch1bo

Thank you for reporting. Are you comfortable with us reaching out via email?

ptcNOP avatar Nov 14 '18 19:11 ptcNOP

Sure. Should i use this one [email protected]?

tch1bo avatar Nov 14 '18 20:11 tch1bo

That will work.

ptcNOP avatar Nov 14 '18 21:11 ptcNOP