Security Inquiry: Reporting an Argument Injection Vulnerability

[redyank]

Hi,

I’ve discovered an Argument Injection vulnerability in patool

I have a working PoC and a fix ready. What is your preferred way to receive the details? (Email, Private Security Disclosure, etc.)

I'd like to follow responsible disclosure before making this public.

Best regards,

[redyank]

Hi,

Just following up on this — please let me know your preferred channel for receiving the vulnerability details.

If I don't hear back within the next couple of weeks, I'll proceed with standard disclosure timelines.

Thanks!