[GH-ISSUE #127] Potential Security Issues #102

Closed
opened 2026-02-25 23:40:41 +03:00 by kerem · 6 comments
Owner

Originally created by @JamieSlome on GitHub (Jun 8, 2021).
Original GitHub issue: https://github.com/HaschekSolutions/pictshare/issues/127

Hello,

I'm just getting in touch as we recently received some disclosures against this repository through our disclosure program. I tried looking for a contactable e-mail and security policy to send the details to, but could not find either.

You can find the details for the disclosures here:

https://huntr.dev/bounties/1-HaschekSolutions/pictshare/
https://huntr.dev/bounties/2-HaschekSolutions/pictshare/
https://huntr.dev/bounties/3-HaschekSolutions/pictshare/
https://huntr.dev/bounties/4-HaschekSolutions/pictshare/

They are private to yourself and the reporter. If you would prefer not to sign-up to view the disclosures, let me know, and I will be happy to share them with you over some other means.

Let me know if you have any questions.

-- Jamie from huntr.dev

kerem closed this issue 2026-02-25 23:40:41 +03:00

@geek-at commented on GitHub (Jun 8, 2021):

Hey Jamie!

Awesome thanks. Do you have any PR for resolving these problems?


@JamieSlome commented on GitHub (Jun 8, 2021):

@geek-at - we can open up this advisory to our users once we validate it, and we can begin sourcing fixes for it. Otherwise, you can always check with the discloser to see if they have anything in mind.


@zer0h-bb commented on GitHub (Jun 10, 2021):

Hi @geek-at, I reported the first two bugs:
https://huntr.dev/bounties/1-HaschekSolutions/pictshare/
https://huntr.dev/bounties/2-HaschekSolutions/pictshare/

Is it possible to validate them directly on huntr.dev, so we can get paid and gain the associated XP? :)

Best regards,
zer0h


@Blisk commented on GitHub (Sep 30, 2021):

So is it safe to use this on my server or not?


@geek-at commented on GitHub (Sep 30, 2021):

Yes. All reported vulnerabilities only work if you don't follow the configuration. [Mainly this part](https://github.com/HaschekSolutions/pictshare/blob/520099be960c4cc16a1910eb113ba3cf105fe747/rtfm/INSTALL.md#nginx-configuration).

If you're using the Docker image, you're safe out of the box.

@Blisk commented on GitHub (Sep 30, 2021):

I don't use Docker.
