Looking to speak with OBS developer team. I have found a vulnerability on OBS Studio 30.2.3 Windows Executable

[atmpzx]

Hello there,

I have recently found a vulnerability on the latest version of OBS Studio Windows Executable. It is a Local File Inclusion vulnerability. How should I responsibly disclose this vulnerability and get it patched?

Thanks,
zen

 

[Lawrence_SoCal]

I'm not a developer, just a normal user here ... so this is only a guess that a post in the code repository (github) most direct method to report issue.
Or maybe DM one of the Forum Admins? but I'd start with GitHub link at https://obsproject.com/download

 

[R1CH]

LFI is a web application vulnerability, so this seems unlikely to apply to OBS. If you're referring to what the browser source can do, this is generally out of scope as only trusted sites are intended to be loaded in the browser source, it is not meant for regular web browsing.

You can send details to security at obsproject.com.

 

[atmpzx]

Sure. I have sent the reproduction steps of the vulnerability

 

[atmpzx]

LFI is a web application vulnerability, so this seems unlikely to apply to OBS. If you're referring to what the browser source can do, this is generally out of scope as only trusted sites are intended to be loaded in the browser source, it is not meant for regular web browsing.

You can send details to security at obsproject.com.

Still waiting on the reply from the security. Is there any other way to reach them?