Hello,
I found a critical vulnerability around a month back. I contacted Mark through email and Twitter, but he didn't read them, so I thought I'd report it this way.
Check your Twitter and email. We can talk there.
Hi @akashmethani,
@mdo is not Bootstrap; it's a team that composes Bootstrap, so if you have a security report, you're in the right place here 👍
I have forwarded you the same email, check inbox.
I sent a direct message to @mdo, thank you 👍
@Johann-S I didn't specify the actual vulnerability or the place where the vulnerability lies here because I wanted to keep the bad guys away. Knowledge about where the vuln lies can help an attacker exploit it.
I request you to delete the above comment, as the vuln is still not patched.
And please let me know when it's patched, through an email. :)
Thanks.
Seems like a scam to me. If you're concerned about an open source project having vulnerabilities, you would take the time to describe them here, so as to allow those with the knowledge to fix them to fix them. Or is your plan to exploit the developers or fleece them out of money?
@DiemenDesign if the team allows, I'm fine to disclose it after it's patched.
It's unrelated to Bootstrap, stop spreading misinformation.
Mark has been notified.
@XhmikosR I tried to contact him first and waited for more than a month. He didn't respond, so I notified the team from here.
I don't really care personally about anything other than the core lib.
Phrasing the issue "Security vulnerability in bootstrap" is just a shitty way to attract attention and spread false info.
Okay. So just to clear things up for others who are watching this: I found a vulnerability in Bootstrap's "website", and that's the reason I didn't post it publicly, because it can be exploited.
And I contacted @mdo through various means, but he didn't respond. The only way left to contact your team was through this channel. And I did that to make sure your site remains secure.
@XhmikosR I didn't add "website" after "Security vulnerability in bootstrap" because I didn't want to make it public. I just wanted to bring this to your notice.
Either way, it's up to Mark to deal with it privately if he wants to.
I myself wanted to get it fixed privately, but Mark wasn't responding. This was the only way left to contact your team and bring it to notice. Anyways, I did it for the security; it could have cost him a lot.
Apologies for missing the original emails. I've passed it along to the Themes team.
@akashmethani are you aware that GitHub allows you to submit changes to a repository, which the team members can then look at and decide to merge, and thus fix such problems without the need to privately email members? It would also allow others to make comments and improvements, even to your code.
This isn't related to Bootstrap itself.
Locking the issue since everyone who needed to be notified is notified.