Potential Security Issues #127
Comments
|
Hey Jamie! Awesome thanks. Do you have any PR for resolving these problems? |
|
@geek-at - we can open up this advisory to our users once we validate it, and we can begin sourcing fixes for it. Otherwise, you can always check with the discloser to see if they have anything in mind. |
|
Hi @geek-at, I reported the two first bugs Is it possible to validate them directly in huntr.dev ? So we can get paid and gain the associated xp :) Best regards, |
|
So is it safe to use this on my server or not? |
|
Yes. All reported vulnerabilities are only working if you don't follow the configuration. Mainly this part If you're using the docker image you're safe out of the box |
|
I dont use docker |
Hello,
I'm just getting in touch as we recently received some disclosures against this repository through our disclosure program. I tried looking for a contactable e-mail and security policy to send the details to, but could not find either.
You can find the details for the disclosures here:
https://huntr.dev/bounties/1-HaschekSolutions/pictshare/
https://huntr.dev/bounties/2-HaschekSolutions/pictshare/
https://huntr.dev/bounties/3-HaschekSolutions/pictshare/
https://huntr.dev/bounties/4-HaschekSolutions/pictshare/
They are private to yourself and the reporter. If you would prefer not to sign-up to view the disclosures, let me know, and I will be happy to share them with you over some other means.
Let me know if you have any questions.
-- Jamie from huntr.dev
The text was updated successfully, but these errors were encountered: