Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Vulnerability to report #1290

Closed
4xpl0r3r opened this issue Apr 24, 2024 · 1 comment
Closed

Security Vulnerability to report #1290

4xpl0r3r opened this issue Apr 24, 2024 · 1 comment
Labels
tsc-agenda

Comments

@4xpl0r3r
Copy link

Hello Nodejs @RafaelGSS and nodejs security-wg,

I have located a secuity vulnerability to report which could lead to complete compromising. But I have submitted 4 reports to you, 2 informational but incosistent handling, 1 valid but duplicated and 1 triaged valid. As a new user for HackerOne, I'm not able to deliver more research report to you. To deliver my new reports with PoC completed, can you consider temporaryily disable your "Signal Requirement"? Since my reports haven't been resolved, my signal is still "underdetermined".

I know this is a unresonable request, but what I'm doing is just to deliver security vulnerability to you ASAP. I believe it's important to both you and me.

Threat Actors please don't contact me, I won't response you.
@4xpl0r3r 4xpl0r3r mentioned this issue Apr 24, 2024
Closed
@RafaelGSS
Copy link
Member

@4xpl0r3r I'm afraid that won't be possible. We are always targeted by spam and it makes the maintenance of Node.js H1 hard. Feel free to have a direct conversation with me through the OpenJS Foundation Slack https://openjsf.org/collaboration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
tsc-agenda
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mcollina @4xpl0r3r @RafaelGSS