Closed
9 changes: 9 additions & 0 deletions SECURITY.md
@@ -0,0 +1,9 @@
Hello,

During a security review, I identified multiple security vulnerabilities in Glide (affecting the GIF decoder and HTTP redirect handler). These lead to Denial of Service (DoS) and Sensitive HTTP Header Leakage.

Because this repository does not have GitHub's Private Vulnerability Reporting enabled, and there is no SECURITY.md file, I cannot safely disclose the details or the Proof of Concept (PoC) files here.

Could one of the core maintainers please provide a secure email address or preferably open a GitHub Private Security Advisory draft for me so I can share the full professional vulnerability report and PoC files with you privately?

Thank you, Mert Akdag
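Review bot: The nine added lines of SECURITY.md are a message addressed to the maintainers rather than a security policy, so merging them would publish a file that states "there is no SECURITY.md file" while being that file. A SECURITY.md should carry the project's own reporting instructions (a private contact address, or a pointer to GitHub Private Vulnerability Reporting once it is enabled), which only the maintainers can supply; the request for a private channel fits better in an issue or in direct contact with them. The text also names the affected components (GIF decoder and HTTP redirect handler) and the impact classes in a public diff, so any follow-up here should stay at that level of detail until a private channel exists.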