Open vdeturckheim opened 6 years ago
Hi @vdeturckheim. I'm the only maintainer of this repo / npm module. Feel free to open a PR with the fix for the above-mentioned vulnerability.
Hey @danielpacak, thanks for your response. As a collection and triage team, we only coordinate security issues. Can I invite you to HackerOne with your public email address? You'll be able to review the security report that has been issued to us and to discuss it with the person who found it.
Sure, please send me the invitation so I can review the report.
Awesome, you should have received an email from HackerOne.
Any update on this? @vdeturckheim it has been more than 6 months, maybe it's time for public disclosure?
@omerlh I will check ASAP
Are this project and organization still under maintenance? I can confirm that the npm package is partially functional, workable but with glitches.
It's not actively developed, although any PR is more than welcome. I'm okay with disclosing any possible security vulnerabilities that it might cause so the community is aware of that.
Hello,
As a member of the Node.js ecosystem security team, I have had a security issue reported to me regarding this package.
I have contacted the person I identified as maintainer by email but did not get any answer. What is the best way to reach someone with commit rights over this repo to privately explain what the issue is?
Best, Vladimir de Turckheim