你好,维护者:
我在审计 GM Pay / epusdt 作为数字货币收款网关的安全性时,发现了几处可能影响后台控制面、首次安装流程、支付确认完整性和服务端出站请求边界的问题。
为了避免在公开 issue 中披露可复现细节或利用路径,我先不在这里贴具体漏洞细节、文件行号和 PoC。请问项目是否有推荐的私密安全披露渠道,例如:
- GitHub Private Vulnerability Reporting
- Security Advisory draft
- 安全邮箱
- 其它私密联系方式
如果方便,请开启私密漏洞报告或提供一个安全邮箱。我可以把完整报告、影响范围、复现条件和建议修复方式私下发给维护者。
谢谢。
Hi maintainers,
I found several security-relevant issues while reviewing GM Pay / epusdt as a cryptocurrency payment gateway. I am intentionally not posting technical details or reproduction steps publicly.
Could you please provide a private security disclosure channel or enable GitHub Private Vulnerability Reporting? I can share the full report privately.
你好,维护者:
我在审计 GM Pay / epusdt 作为数字货币收款网关的安全性时,发现了几处可能影响后台控制面、首次安装流程、支付确认完整性和服务端出站请求边界的问题。
为了避免在公开 issue 中披露可复现细节或利用路径,我先不在这里贴具体漏洞细节、文件行号和 PoC。请问项目是否有推荐的私密安全披露渠道,例如:
如果方便,请开启私密漏洞报告或提供一个安全邮箱。我可以把完整报告、影响范围、复现条件和建议修复方式私下发给维护者。
谢谢。
Hi maintainers,
I found several security-relevant issues while reviewing GM Pay / epusdt as a cryptocurrency payment gateway. I am intentionally not posting technical details or reproduction steps publicly.
Could you please provide a private security disclosure channel or enable GitHub Private Vulnerability Reporting? I can share the full report privately.