Where to report a security concern for UploadThing?
I've found a place where UploadThing is leaking SQL statements in SDK responses, which exposes the table structure/etc. Not an immediately exploitable vuln, but probably something they'll want to fix. Where's the right place to responsibly disclose the details? (looks like UT doesn't have a /.well-known/security.txt or /security.txt file, though I did look for them...)
4 Replies
That most likely would be their GitHub at https://github.com/pingdotgg/uploadthing
That's not private, which would be better for reporting a security issue
Solution
I'd DM Theo on Twitter
Sigh, Twitter does seem to be the one place his DMs are open. Fine. Back to the hellsite.