Security concern #873
Comments
Merged
|
Thanks for opening this issue, @JamieSlome. @rodpwn, I'm ready and willing to fix the issue and looking forward to hearing from you soon. |
|
@scorphus - please see the report here: https://huntr.dev/bounties/ccf6fb3b-faf5-44f2-99e2-15ba16a48d35/ It is private and only accessible to maintainers with write access! |
|
The report is invalid and has already been marked as so, with a counter example demonstrating the correct and expected behavior of Fish Shell. Counter example provided: function echo-argv-after-sleep
echo "Current date is:" (date)
echo "Sleeping for 2 seconds..."
sleep 2
echo "Here is \$argv: $argv"
end
echo-argv-after-sleep (date > /tmp/foo && cat /tmp/foo) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey there!
I belong to an open source security research community, and a member (@rodpwn) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a
SECURITY.mdfile with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
The text was updated successfully, but these errors were encountered: