Commit 61864a8

[security] Add credits for CVE-2022-0686
1 parent bb0104d commit 61864a8

1 file changed: +11 -0 lines changed
SECURITY.md

Lines changed: 11 additions & 0 deletions
@@ -33,6 +33,17 @@ acknowledge your responsible disclosure, if you wish.
3333

3434
## History
3535

36+
> A URL with a specified but empty port can be used to bypass authorization
37+
> checks.
38+
39+
- **Reporter credits**
40+
- Rohan Sharma
41+
- GitHub: [@r0hansh](https://github.com/r0hansh)
42+
- Huntr report: https://www.huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c/
43+
- Fixed in: 1.5.8
44+
45+
---
46+
3647
> A specially crafted URL with empty userinfo and no host can be used to bypass
3748
> authorization checks.
3849
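
Review bot: The new History entry (added lines 36 to 45) does not carry the CVE identifier, although the commit subject names CVE-2022-0686. The entry lists the description, the reporter credits, the Huntr report link and "Fixed in: 1.5.8", so a reader of SECURITY.md alone cannot map it to the CVE. Consider adding a line such as "- CVE: CVE-2022-0686" next to "Fixed in: 1.5.8". The existing entry below the "---" separator shows no identifier in the visible context either, so the same line would be worth adding there if a CVE was assigned.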
