JLLeitschuh commented on PR #250: URL: https://github.com/apache/mina-sshd/pull/250#issuecomment-1272310184
> since the code does ensure after having created the directory that it is readable only by the owner. Huh, so it does. To be completely honest, this is incredibly rare for a project to do. But you are indeed correct. > BTW, I would hope that if you found a real vulnerability you'd report it through non-public channels first. For Apache projects, that's via e-mail. See Reporting a Vulnerability. Unfortunately, I am not. Given the number of vulnerabilities being addressed by this work, disclosure via email is unfortunately somewhat impractical. You can read more here https://github.com/JLLeitschuh/security-research/discussions/12 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
