Security reports should never start out in the open. Please follow up directly with the team if you have a contact. If not you can always start with the information at https://docs.chocolatey.org/en-us/information/security to see instructions on how to provide the disclosure. Thank you!
Security: chocolatey/boxstarter
Security
.github/SECURITY.md
-
Log4Net CVE requires an upgrade to 2.0.12GHSA-j6ff-f9jr-fr76 published
Sep 26, 2022 by paubyLow -
Boxstarter folder allows write access for standard usersGHSA-rpgx-h675-r3jf published
Oct 20, 2020 by paubyHigh
Learn more about advisories related to chocolatey/boxstarter in the GitHub Advisory Database