[Security Report] OS Command Injection

[VolcengineSecurityTeam]

Hello, maintainer.

We are the security team from VolcanoEngine, and we have discovered a security risk in this project.

In order to conduct a responsible vulnerability disclosure, we do not want the vulnerability details to be exposed in the issue before there is a fix, but the security report page is invalid.

Do you have any suggestions for channels to report vulnerability details? Thank you.

[warmshao]

Hello, maintainer.

We are the security team from VolcanoEngine, and we have discovered a security risk in this project.

In order to conduct a responsible vulnerability disclosure, we do not want the vulnerability details to be exposed in the issue before there is a fix, but the security report page is invalid.

Do you have any suggestions for channels to report vulnerability details? Thank you.

Hi, thanks in advance! Please reach out to @vvincent1234 (vincent19901026@gmail.com)