harp / harpjs.com

The website for Harp, the static web server with built-in preprocessing.
http://harpjs.com

Security issue #85

Open afzalsayed96 opened 5 years ago

afzalsayed96 commented 5 years ago

Hi, more than one security issue has been found in HarpJS. Can someone (with publish rights) please contact @lirantal from the Node Security Working Group so he can invite them to the private report on HackerOne? A response would be much appreciated!

cc: @sintaxi

lirantal commented 5 years ago

Thank you @afzalsayed96, I'll follow this thread and my inbox.

sintaxi commented 5 years ago

Sorry, what's the call to action on this?

lirantal commented 5 years ago

If you have commit and npm publish access I can send you an invite to the security report on HackerOne so you can join the conversation, help us triage the issue and push a fix. Sounds ok?

sintaxi commented 5 years ago

@lirantal can you clarify if this is for the harpjs.com website or for the harp tool? https://github.com/sintaxi/harp

lirantal commented 5 years ago

@sintaxi there are two reports waiting for your input in HackerOne about the harp package (https://www.npmjs.com/package/harp).

I'm going to send another invite to the e-mail associated here with your GitHub account. Please check your inbox/spam folder for the H1 invitation to join these reports. They've already been stalled for quite a while now.

lirantal commented 5 years ago

@sintaxi there are two reports still pending your review with regards to harp (the library, not the website). I will disclose them at the end of the week so please ping me before that if you'd like to take action in fixing them before the vulnerabilities are disclosed publicly.