-
Notifications
You must be signed in to change notification settings - Fork 810
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security concern #873
Comments
Thanks for opening this issue, @JamieSlome. @rodpwn, I'm ready and willing to fix the issue and looking forward to hearing from you soon. |
@scorphus - please see the report here: https://huntr.dev/bounties/ccf6fb3b-faf5-44f2-99e2-15ba16a48d35/ It is private and only accessible to maintainers with write access! |
The report is invalid and has already been marked as so, with a counter example demonstrating the correct and expected behavior of Fish Shell. Counter example provided: function echo-argv-after-sleep
echo "Current date is:" (date)
echo "Sleeping for 2 seconds..."
sleep 2
echo "Here is \$argv: $argv"
end
echo-argv-after-sleep (date > /tmp/foo && cat /tmp/foo) |
Hey there!
I belong to an open source security research community, and a member (@rodpwn) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a
SECURITY.md
file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
The text was updated successfully, but these errors were encountered: