Vulnerability Disclosure Github Security Lab #1088

Closed
Kwstubbs opened this issue Sep 18, 2023 · 3 comments

@Kwstubbs
Contributor

Kwstubbs commented Sep 18, 2023

I am from GitHub Security Lab and we noticed a security issue in your repo. Can you please enable Private Vulnerability Reporting in your repo so that we can communicate the issue and help you fix it? Thanks

@da3dsoul
Member

da3dsoul commented Sep 18, 2023

No offense, but we've got more than a few security issues, which we are slowly working to resolve. For now, we recommend that our users not host Shoko on any public endpoints.
I can enable this feature, as you suggest, but things like possible remote code execution, filesystem access, and a generally bad user system are issues we are aware of.

@Kwstubbs
Contributor Author

@da3dsoul Please open Private Vulnerability Reporting and I will submit the report. I am happy to develop a patch to take the work off your hands and give you suggestions on any other vulnerabilities that you know of. This issue is obvious and the fix is quite easy so should not take too long.

@Kwstubbs
Contributor Author

Closing
