Security #8

Closed
SCH227 opened this issue Jul 18, 2024 · 3 comments
SCH227 commented Jul 18, 2024

Hey, first of all, awesome project!

I wanted to report two security-related issues:

  • API_URLS are all over HTTP. An attacker in a MITM position would be able to read everything between client-server, for example, the api-key
  • The repo lacks a SECURITY.md, or any channel where these types of issues can be reported privately
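
The following is an added example, not part of the original issue or the project's code: a check that flags cleartext entries in an `API_URLS`-style mapping and refuses to attach an API key to a non-HTTPS request. The sample URLs, the function names and the `X-Api-Key` header name are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample; the project's real API_URLS values are not shown on this page.
API_URLS = {
    "search": "http://api.example.test/v1/search",
    "lookup": "https://api.example.test/v1/lookup",
    "dev": "http://127.0.0.1:8080/v1/lookup",
    "odd": "HTTP://api.example.test:443/v1/x",  # port 443 does not make HTTP encrypted
}


def is_loopback(host):
    """True for localhost and loopback IP literals, which never leave the machine."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name, not an IP literal


def cleartext_endpoints(urls, allow_loopback=True):
    """Return sorted names of endpoints whose traffic, API key included, is unencrypted."""
    flagged = []
    for name, url in urls.items():
        parts = urlsplit(url)  # urlsplit lowercases the scheme and hostname
        if parts.scheme == "https":
            continue
        if allow_loopback and parts.scheme == "http" and is_loopback(parts.hostname or ""):
            continue
        flagged.append(name)
    return sorted(flagged)


def auth_headers(url, api_key):
    """Attach the key only for HTTPS destinations; fail closed otherwise."""
    if urlsplit(url).scheme != "https":
        raise ValueError(f"refusing to send API key over cleartext: {url}")
    # Header name is hypothetical; use whatever the API actually expects.
    return {"X-Api-Key": api_key}
```

Run as a CI step, `cleartext_endpoints` catches a regression to `http://` before release, while `auth_headers` stops the key from leaving the client at runtime.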
g147 added the "good first issue" label Jul 19, 2024

g147 (Member) commented Jul 19, 2024

Hello!
Thanks for bringing it to our attention.
We'll fix it ASAP!

g147 (Member) commented Jul 19, 2024

Issued an advisory: GHSA-rwcj-7jjp-4w38
Fixed the issue: 033f3b6

g147 closed this as completed Jul 19, 2024
g147 removed the "good first issue" label Jul 19, 2024

SCH227 (Author) commented Jul 19, 2024

Thank you for the quick response and again, for the awesome project!
