Security vulnerabilities in MLeap serving stack - requesting private reporting channel #897

@addcontent

Hello maintainers,

I've identified multiple security vulnerabilities in the MLeap serving modules (mleap-spring-boot, mleap-executor, mleap-grpc-server) affecting the current release (v0.24.0). These include issues that allow unauthenticated remote callers to crash the service and influence server-side network behavior.

I'd prefer to share the full details privately before any public disclosure. Could you point me to a secure reporting channel: email, GitHub private vulnerability reporting, or similar?

I've also sent details to combust@combust.ml in parallel.

Thanks,
addcontent
