Hi there,
Is there a formal channel to report security vulnerabilities?
Thanks.
Hey @ophelia!
Feel free to share more details at hello@sharetribe.com, we’ll be happy to investigate.
Thanks!
Thanks for responding, I will communicate with you later.
Thanks a lot for reaching out and sharing details about your discovery. Indeed, there was a critical security vulnerability.
It has been fixed in v10.2.1, see https://www.sharetribe.com/community/t/sharetribe-go-version-10-2-1-is-now-available-important-security-update/3371 and https://github.com/sharetribe/sharetribe/releases/tag/v10.2.1.
Anyone can learn more about the vulnerability at https://github.com/sharetribe/sharetribe/security/advisories/GHSA-hjjc-p9hr-424c
Thanks Wang Sheng of State Grid Sichuan Electric Power Research Institute for reporting this issue.
It was a pleasure to communicate with the Sharetribe team and community. Your professionalism and efficiency in dealing with security issues are impressive.