[security] Add credits for CVE-2022-0639
lpinca committed Feb 17, 2022
1 parent 8b3f5f2 commit 4f2ae67
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions SECURITY.md
Expand Up @@ -33,6 +33,18 @@ acknowledge your responsible disclosure, if you wish.

## History

> A specially crafted URL with empty userinfo and no host can be used to bypass
> authorization checks.
- **Reporter credits**
- Haxatron
- GitHub: [@haxatron](https://github.com/haxatron)
- Twitter: [@haxatron1](https://twitter.com/haxatron1)
- Huntr report: https://www.huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155/
- Fixed in: 1.5.7

---

> Incorrect handling of username and password can lead to authorization bypass.
- **Reporter credits**
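Review bot: The new History entry (the blockquote starting "A specially crafted URL with empty userinfo and no host") does not name the CVE that the commit title refers to, so a reader of SECURITY.md cannot tie this entry to CVE-2022-0639 without consulting the commit log. Consider adding the identifier as its own bullet next to "Fixed in: 1.5.7". As a style point, the Huntr report line uses a bare URL while the GitHub and Twitter credits above it use Markdown link syntax; using one form throughout the entry would be more consistent.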