Comment by sim7c00
2 months ago
it's so weird to me to report a bug to open source but not at least suggest a fix :/. especially around security bugs. to prove it you need to reliably trigger and exploit it so it should be plainly obvious in most cases what the fix is :/.
this is why i never report stuff to open source. if you wanna play bug bounty and cve hoarder it's better to stick with bug bounty programs.
why? there the security researcher can be depressed about the process himself rather than some volunteer coder. gotta not make your issues other ppl's issues.