Found a possible security concern

[zidingz]

Hey there!

I belong to an open source security research community, and a member (@0xdhinu) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

[shimizurei]

They haven't responded to my issue nor have they responded to the email I sent in early September. I think this is an abandoned project, unfortunately.

[sepulzera]

Hello @zidingz and @0xdhinu ,

I am currently rewriting openeats as a fork named OwnRecipes.

As we take security very seriously, we would like to here about your result(s). Please find a contact information in the repo's SECURITY.md.

(To keep things simple for you, you don't have to do a re-scan for OwnRecipes. Just describe the vulnerability for openeats, and we should know how to deal with it.)

Thanks for your effort!

[JamieSlome]

@0xdhinu - you are welcome to submit a disclosure against the forked repository, and we will share this with the maintainers.

[sepulzera]

@JamieSlome Just to avoid misunderstandings: Currently i am waiting for an engagement by @0xdhinu , or should I become active in any way?

[JamieSlome]

Waiting for @0xdhinu here 👍

[rustymyers]

CC @RyanNoelk