starred/BoostNote-App
1
0
Fork 0
mirror of https://github.com/BoostIO/BoostNote-App.git synced 2026-04-27 05:15:56 +03:00
Code Issues 105 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #1547] Security concern #509

New issue
Closed
opened 2026-03-03 00:21:41 +03:00 by kerem · 4 comments
kerem commented 2026-03-03 00:21:41 +03:00
Owner
Copy link

Originally created by @JamieSlome on GitHub (Mar 31, 2022).
Original GitHub issue: https://github.com/BoostIO/BoostNote-App/issues/1547

Hey there!

I belong to an open source security research community, and a member (@effectrenan) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

Originally created by @JamieSlome on GitHub (Mar 31, 2022). Original GitHub issue: https://github.com/BoostIO/BoostNote-App/issues/1547 Hey there! I belong to an open source security research community, and a member (@effectrenan) has found an issue, but doesn’t know the best way to disclose it. If not a hassle, might you kindly add a `SECURITY.md` file with an email, or another contact method? GitHub [recommends](https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository) this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future. Thank you for your consideration, and I look forward to hearing from you! (cc @huntr-helper)
kerem closed this issue 2026-03-03 00:21:41 +03:00
kerem commented 2026-03-03 00:21:42 +03:00
Author
Owner
Copy link

@Rokt33r commented on GitHub (May 12, 2022):

Sorry for my late response. We will add it soon. For now, please send it to rokt33r@boostio.co or info@boostnote.io.

<!-- gh-comment-id:1124803175 --> @Rokt33r commented on GitHub (May 12, 2022): Sorry for my late response. We will add it soon. For now, please send it to rokt33r@boostio.co or info@boostnote.io.
kerem commented 2026-03-03 00:21:42 +03:00
Author
Owner
Copy link

@JamieSlome commented on GitHub (May 12, 2022):

@Rokt33r - not at all! 👍

We did send some e-mails to the info@ e-mail address but did not receive a response. If it makes it easier, you can find both reports here:

https://huntr.dev/bounties/d8c76c3c-a81b-4f3c-b93f-b6a623089c6a/
https://huntr.dev/bounties/d349aa46-1a60-4ee0-94c1-394e50c72f5d/

They are both private and only accessible to maintainers with repository write permissions 😄

<!-- gh-comment-id:1124833794 --> @JamieSlome commented on GitHub (May 12, 2022): @Rokt33r - not at all! 👍 We did send some e-mails to the `info@` e-mail address but did not receive a response. If it makes it easier, you can find both reports here: https://huntr.dev/bounties/d8c76c3c-a81b-4f3c-b93f-b6a623089c6a/ https://huntr.dev/bounties/d349aa46-1a60-4ee0-94c1-394e50c72f5d/ They are both private and only accessible to maintainers with repository write permissions 😄
kerem commented 2026-03-03 00:21:42 +03:00
Author
Owner
Copy link

@Rokt33r commented on GitHub (May 13, 2022):

Confirmed! Thanks for the links. We will fix the issues soon.

<!-- gh-comment-id:1125720800 --> @Rokt33r commented on GitHub (May 13, 2022): Confirmed! Thanks for the links. We will fix the issues soon.
kerem commented 2026-03-03 00:21:42 +03:00
Author
Owner
Copy link

@JamieSlome commented on GitHub (May 13, 2022):

@Rokt33r - you are welcome! 👍 If you require any support with the fix, feel free to drop a message on the reports, and I am sure the researcher will be able to help.

<!-- gh-comment-id:1126235183 --> @JamieSlome commented on GitHub (May 13, 2022): @Rokt33r - you are welcome! 👍 If you require any support with the fix, feel free to drop a message on the reports, and I am sure the researcher will be able to help.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
dependabot/npm_and_yarn/braintree/sanitize-url-and-mermaid-6.0.2
dependabot/npm_and_yarn/http-cache-semantics-4.1.1
dependabot/npm_and_yarn/json5-and-json5-and-json5-and-html-webpack-plugin-2.2.3
dependabot/npm_and_yarn/express-4.18.2
dependabot/npm_and_yarn/qs-6.5.3
dependabot/npm_and_yarn/decode-uri-component-0.2.2
dependabot/npm_and_yarn/electron-18.3.7
dependabot/npm_and_yarn/file-type-16.5.4
dependabot/npm_and_yarn/terser-4.8.1
dependabot/npm_and_yarn/got-11.8.5
dependabot/npm_and_yarn/jsdom-16.7.0
dependabot/npm_and_yarn/eventsource-1.1.1
feature/add-attachment-prompt-dialog
display-trial-length
feature/add-kanban-url-clickable
refactor/request-optimisation
refactor/align-endpoints
feature/improve-code-block-path-showcase
feature/fix-kanban-context-menu-on-long-title
fix/view-filters
automations/ast-impl
automations/input-typed-restrictions
automations/logs
automations/remove-env
ui/kanban-flex
feature/make-kanban-headers-sticky
feat/beta-automations
bug/navigation-view-selector
fix-ja
feature/add-evernote-migration
feature/fix-mock-handlers
feature/add-doc-drag-and-drop
feature/add-keymap-customization
feature/add-doc-save-status
feature/add-toolbar-in-edit-mode-select
bug/speed-improvement
blocks/input-streams
fix/blocks-beta-release
fix/workspace-visibility
pr/1090
fix/space-switcher-description
fix/migration-tab
feat/add-betaprogram-sidebar
feat/doc-page-renewal
ui-fix-shared
ui-settings-tmp
features/doc-props
feat/comments
ui-polish-settings
revert-917-reorganize-v2
ui-border-color
feat/doc-state-while-resync
fix/nav-tree
fix-descriptions
fix-description
ui/background-migration-text
ui-copy-btn
ui-timeline-header
bug/shared-collab-auth
ui-improve-sidebar
deprecated-web-app
v10
temp
ui-fix-border
lp-update-info
Flexo013/about/update_slack_2020
lp-update-boosthub
Flexo013-readme-mobile-links
improve-note-page2
legacy
gh-pages
cloud-1.58.4
cloud-1.57.1
cloud-1.57.0
cloud-1.56.5
cloud-1.56.4
cloud-1.56.3
cloud-1.56.2
cloud-1.56.1
cloud-1.56.0
cloud-1.55.1
cloud-1.55.0
cloud-1.54.5
cloud-1.54.6
cloud-1.54.4
cloud-1.54.3
cloud-1.54.1
cloud-1.54.2
cloud-1.54.0
cloud-1.53.9
cloud-1.53.8
cloud-1.53.6
cloud-1.53.5
cloud-1.53.4
cloud-1.53.3
cloud-1.53.1
cloud-1.53.0
cloud-1.52.6
cloud-1.52.7
v0.23.1
cloud-1.52.3
cloud-1.52.2
cloud-1.52.1
v0.23.0
cloud-1.52.0
cloud-1.51.3
cloud-1.51.2
cloud-1.51.1
cloud-1.51.0
cloud-1.50.7
cloud-1.50.6
cloud-1.50.5
cloud-1.50.4
cloud-1.50.3
cloud-1.50.1
v0.22.0
cloud-1.50.0
cloud-1.49.3
cloud-1.49.2
cloud-1.49.1
cloud-1.49.0
v0.21.2
v0.21.1
v0.21.0
v0.21.0-0
v0.20.2
v0.20.1
v0.20.0
v0.19.0
v0.18.1
v0.18.0
v0.18.0-1
v0.18.0-0
v0.17.1
v0.17.0
v0.16.1
v0.16.0
v0.16.0-0
v0.15.1
v0.15.0
v0.15.0-0
v0.14.3
v0.14.3-0
v0.14.2
v0.14.2-1
v0.14.2-0
v0.14.1
v0.14.0
v0.14.0-1
v0.14.0-0
v0.13.2
v0.13.1
v0.13.0
v0.12.5-1
v0.12.5-0
v0.12.4
v0.12.3
v0.12.2
v0.12.1
v0.12.0
v0.11.6
v0.11.5
v0.11.4
v0.11.3
v0.11.2
v0.11.1
v0.11.0
v0.10.2
v0.10.1
v0.10.0
v0.9.1
v0.9.0
v0.8.2
v0.8.1
v0.8.0
v0.7.0
v0.6.1
v0.6.0
v0.5.0
v0.4.1
v0.4.0
v0.3.0
v0.2.1
v0.2.0
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
v0.1.0-13
v0.1.0-12
v0.1.0-11
v0.1.0-10
v0.1.0-9
v0.1.0-8
v0.1.0-7
v0.1.0-6
v0.1.0-5
v0.1.0-4
v0.1.0-3
v0.1.0-2
v0.1.0-1
v0.1.0-0
v0.1.0-pre
Labels
Clear labels   
android 🤖

   
assigned to core 🦹

   
bug 🐛

   
documentation 📚

   
documentation 📚

   
duplicate 🚫

   
external issue 🔼

   
external issue 🔼

   
feature request 🌟

   
funded on issuehunt 💵

   
help wanted 🆘

   
improvement request 🔨

   
improvement request 🔨

   
ios 🍎

   
mobile 📱

   
needs investigation 🔬

   
needs more info ℹ️

   
needs specs 📐

   
plugin idea 🔌

   
plugin idea 🔌

   
poll 🗳️

   
pull-request

Mirrored from GitHub Pull Request

  
question

  
rewarded on issuehunt 🎁

   
security issue 🔑

   
won’t fix

No labels
android 🤖
assigned to core 🦹
bug 🐛
documentation 📚
documentation 📚
duplicate 🚫
external issue 🔼
external issue 🔼
feature request 🌟
funded on issuehunt 💵
help wanted 🆘
improvement request 🔨
improvement request 🔨
ios 🍎
mobile 📱
needs investigation 🔬
needs more info ℹ️
needs specs 📐
plugin idea 🔌
plugin idea 🔌
poll 🗳️
pull-request
question
rewarded on issuehunt 🎁
security issue 🔑
won’t fix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/BoostNote-App#509
No description provided.