[Bug]: Responsible Disclosure of Potential Security Vulnerabilities #3315
Unanswered
DeenoB
asked this question in
Troubleshooting
Replies: 3 comments 1 reply
-
mailto:contact@librechat.ai Works, thank you
-
Could you please highlight the security issues?
-
Hi all, two CVEs have been reserved for the vulnerabilities raised:
@danny-avila FYI, we will contact you further by email to discuss the fixes you merged recently (#3363). Thanks!
-
What happened?
The AppSec team at REA Group have performed a penetration test of LibreChat and have discovered a number of security vulnerabilities. We would like to work with the maintainer of LibreChat to discuss impact, remediation, and whether they should be raised as CVEs.
We have opted to use communication method Option 2 of your Security Policy (raising this issue). Trying to create a security issue in the repo only links to the security policy and we can't raise an advisory from there.
Please advise on the best way to engage you; ideally an email address (is contact@librechat.ai still appropriate?). We would prefer not to use Discord for this communication. Thanks team!
Steps to Reproduce
To be discussed in private channels.
What browsers are you seeing the problem on?
No response
Relevant log output
No response
Screenshots
No response
Code of Conduct