ericpromislow
commented
3 months ago If this project was going to be rewritten with current versions of node.js and its libraries would it still have this vulnerability?
Open JafarAkhondali opened 3 months ago
ericpromislow
commented
3 months ago If this project was going to be rewritten with current versions of node.js and its libraries would it still have this vulnerability?
JafarAkhondali
commented
3 months ago @ericpromislow Yes. Sorry, but are you from maintainers or just asking ?
We are a group of researchers from Leiden University, and we conduct research on vulnerabilities in open-source software. We have discovered and verified a high-severity vulnerability in your project(Stackato-Apps/node-env). Explaining the vulnerability further in this issue could allow malicious users to access details, so we recommend enabling private vulnerability reporting on GitHub to discuss this matter confidentially. After you have enabled this feature, please add a comment to this issue so we can continue our discussion. If you have any questions, feel free to leave a reply here or send an email to: j.akhoundali [at] liacs.leidenuniv.nl