Please report vunerabilities using GitHub's Private Vulnerability Reporting tool.

You can expect a response within a few days.

Warpgate considers the following trusted inputs:

• Contents of the connected database
• Contents of the config file, as long as Warpgate does not fail to lock down its permissions.
• HTTP requests made by a session previously authenticated by a user who has the warpgate:admin role.
• Network infrastructure and actuality and stability of target IPs/hostnames.

In particular, this does not include the traffic from known Warpgate targets.

CNA: GitHub