I am writing to responsibly disclose an unauthenticated command injection vulnerability that my team at Rhino Security Labs and I have identified within NetAlertX.
As part of this disclosure, I also wanted to provide Rhino Security Labs' Vulnerability Disclosure policy https://rhinosecuritylabs.com/company/vulnerability-disclosure-policy/.
As security researchers committed to keeping products secure, we actively support software projects with remediation while maintaining transparency through a delayed full disclosure.
As part of the triage process, we'd like to establish a coordinated disclosure timeline that allows adequate time for remediation and preparation. Our goal is to work in partnership with you to enhance the security landscape while minimizing any impact to you.
Could you please provide me with the proper security contact channels to disclose the details to?
Feel free to reach out with any questions.
Maintainer's note:
This vulnerability has been remediated as of the v24.10.12 release.
More details:
https://rhinosecuritylabs.com/research/cve-2024-46506-rce-in-netalertx/
Big thanks to @chebuya for assistance on this one.