|Scope Type||Scope Name|
|undefined||An issue that allows an attacker to impersonate webhook events from GitHub|
|undefined||An issue that allows an attacker to read or write files on the server hosting the bot|
|undefined||An issue that causes the bot to create a large number of GitHub notifications resulting from a disproportionately small set of actions by an unauthorized GitHub user. For example, if it's possible to get the bot to comment on 100 issues by opening a single pull request, we'd like to know about it.|
No technology is perfect, and ESLint believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in ESLint or its infrastructure, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
Since ESLint is run by volunteers, we cannot pay bounties.
While researching, please refrain from:
Thank you for helping keep ESLint and our users safe!