-
Hey everyone, I have a quick question related to reporting bugs with possible security implications. I found some crashes (assert & 0 deref), but they manifest in third-party libs (ngtcp2 & nghttp3) but can be triggered through curl. Should these still be reported via Hacker One or to the respective projects? Since I don't know the actual root cause of these bugs, I'm uncertain which way to go. Best, |
Beta Was this translation helpful? Give feedback.
Answered by
jay
Apr 30, 2024
Replies: 1 comment
-
Please report to curl on hacker one so the security team can look into it. Thanks |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
jay
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please report to curl on hacker one so the security team can look into it. Thanks