Hi @nvbn,
We are security researchers and have identified a security vulnerability in thefuck (all versions ≤ 3.32) related to privilege escalation via the built-in sudo rule and unsanitized shell history.
We tried to report it through GitHub's private vulnerability reporting feature, but it appears to be disabled for this repository.
Could you please either:
- Enable private vulnerability reporting in Settings → Code security
- Or share a secure email address where we can send the full report
We have already sent a detailed email to you directly. We will wait for your response before any public disclosure (90-day responsible disclosure policy).
Thank you.
Hi @nvbn,
We are security researchers and have identified a security vulnerability in thefuck (all versions ≤ 3.32) related to privilege escalation via the built-in sudo rule and unsanitized shell history.
We tried to report it through GitHub's private vulnerability reporting feature, but it appears to be disabled for this repository.
Could you please either:
We have already sent a detailed email to you directly. We will wait for your response before any public disclosure (90-day responsible disclosure policy).
Thank you.