Skip to content

Security disclosure contact request for payment gateway findings #96

Description

@quqi1599

你好,维护者:

我在审计 GM Pay / epusdt 作为数字货币收款网关的安全性时,发现了几处可能影响后台控制面、首次安装流程、支付确认完整性和服务端出站请求边界的问题。

为了避免在公开 issue 中披露可复现细节或利用路径,我先不在这里贴具体漏洞细节、文件行号和 PoC。请问项目是否有推荐的私密安全披露渠道,例如:

  • GitHub Private Vulnerability Reporting
  • Security Advisory draft
  • 安全邮箱
  • 其它私密联系方式

如果方便,请开启私密漏洞报告或提供一个安全邮箱。我可以把完整报告、影响范围、复现条件和建议修复方式私下发给维护者。

谢谢。


Hi maintainers,

I found several security-relevant issues while reviewing GM Pay / epusdt as a cryptocurrency payment gateway. I am intentionally not posting technical details or reproduction steps publicly.

Could you please provide a private security disclosure channel or enable GitHub Private Vulnerability Reporting? I can share the full report privately.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions