Their security.txt email address replies and asks you to go on BugCrowd.
BugCrowd staff is unwilling (or too incompetent) to run a bash curl command to reproduce the issue, while also refusing to forward it to OpenAI.
The [email protected] waits an hour before answering with ChatGPT answer.
Issues raised on GitHub directly towards their engineers were not answered.
Also Microsoft CERT & Azure security team do not reply or care respond to such things (maybe due to lack of demonstrated impact).
alt Hacker News
Their security.txt email address replies and asks you to go on BugCrowd. BugCrowd staff is unwilling (or too incompetent) to run a bash curl command to reproduce the issue, while also refusing to forward it to OpenAI.
The [email protected] waits an hour before answering with ChatGPT answer.
Issues raised on GitHub directly towards their engineers were not answered.
Also Microsoft CERT & Azure security team do not reply or care respond to such things (maybe due to lack of demonstrated impact).