Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Headers are forwarded when the URL redirects to another domain and should not be (information leak)
See original GitHub issueHey there!
I belong to an open source security research community, and a member (@sampaguitas) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
Issue Analytics
- State:
- Created 2 years ago
- Comments:10 (7 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Fixed and released in v7.0.0 (since it might break things for some people)
Hi @FGRibreau, @JamieSlome,
The PR has been submitted :
https://github.com/fgribreau/node-request-retry/compare/HEAD...sampaguitas:master
I would appreciate if you could validate the finding & fix on hunter.dev:
https://huntr.dev/bounties/a779faf5-c2cc-48be-a31d-4ddfac357afc/
Have a nice day,
Timothee