
Commit

[security] Add credits for CVE-2022-0686
lpinca committed Feb 19, 2022
1 parent bb0104d commit 61864a8
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions SECURITY.md
Expand Up @@ -33,6 +33,17 @@ acknowledge your responsible disclosure, if you wish.

## History

> A URL with a specified but empty port can be used to bypass authorization
> checks.
- **Reporter credits**
- Rohan Sharma
- GitHub: [@r0hansh](https://github.com/r0hansh)
- Huntr report: https://www.huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c/
- Fixed in: 1.5.8

---

> A specially crafted URL with empty userinfo and no host can be used to bypass
> authorization checks.
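Review bot: the entry for the empty-port bypass never states its CVE identifier; CVE-2022-0686 appears only in the commit title, while the entry itself carries just the description, the reporter credits, the Huntr link and `Fixed in: 1.5.8`. Consider adding a line such as `- CVE: CVE-2022-0686` next to `Fixed in: 1.5.8`, so that someone reading SECURITY.md can match the entry to an advisory or scanner finding without going through the commit history.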
