From 61864a8eccff714a45d23db85a814e3c6ee0baba Mon Sep 17 00:00:00 2001 From: Luigi Pinca Date: Sat, 19 Feb 2022 20:36:59 +0100 Subject: [PATCH] [security] Add credits for CVE-2022-0686 --- SECURITY.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 1a7cee6..d062b4f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -33,6 +33,17 @@ acknowledge your responsible disclosure, if you wish. ## History +> A URL with a specified but empty port can be used to bypass authorization +> checks. + +- **Reporter credits** + - Rohan Sharma + - GitHub: [@r0hansh](https://github.com/r0hansh) +- Huntr report: https://www.huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c/ +- Fixed in: 1.5.8 + +--- + > A specially crafted URL with empty userinfo and no host can be used to bypass > authorization checks.
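Review bot: The new History entry (from "> A URL with a specified but empty port" through "- Fixed in: 1.5.8") never names the CVE, although the subject line says the credits are for CVE-2022-0686. A reader of SECURITY.md alone cannot match this entry to the advisory, so consider adding a bullet such as `- CVE: CVE-2022-0686` next to the Huntr report link. The entry also records only `- Fixed in: 1.5.8`. If the affected version range is known, stating it here would help users judge whether they need to upgrade.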