Closed Marcono1234 closed 6 months ago
@dain and @electrum, could you please have a look at this?
Also @dain, because https://github.com/dain/snappy now refers to this repository here and because snappy is archived and I cannot comment there anymore, should a CVE be requested for https://github.com/dain/snappy/issues/20? Because if users decompress untrusted data, this could be abused for a denial of service attack by crashing the JVM. The CVE would also have the side-effect of informing users that the repository is not maintained anymore.
I've enabled private vulnerability reporting.
Hello, could you please add a SECURITY.md file to your repository, and ideally also enable private vulnerability reporting?