I found a security vulnerability in engelsystem. How shall I provide more details?
Hi @mschop, afaik there is no explicit address for this, so you should write a message to the email@example.com and @msquare will answer you. Afaik he is busy atm so it would be nice if you could include me in the conversation too ;)
Hi, please provide the details per e-mail to firstname.lastname@example.org - or directly to me email@example.com.
Require POST for sending forms
* Ensure that the form is submitted with a post request
* Replaced several links with forms
Closes engelsystem#494 (Security Vulnerability)
@msquare is the fix already released?
Since the installation is still mostly done by cloning the repository, this may be seen as released, I guess.
@msquare Ok. Thanks. Then I publish the details right now for the CVE.
Those are the details regarding the security vulnerability:
There was no CSRF protection mechanism in engelsystem. This allowed attackers to slip a user a spoofed request.
Yes, ok. Thank you.