jshttp / cookie

HTTP server cookie parsing and serialization
MIT License

Is CVE-2017-18589 resolved? #125

Closed ChrisCCheng closed 3 years ago

ChrisCCheng commented 3 years ago

Version 0.4.0 has a vulnerability; is CVE-2017-18589 resolved in 0.4.1? If not, do you have a plan?

dougwilson commented 3 years ago

What is the vulnerability? Nothing has been reported here as any vulnerability for this module. If you do have more information as to what is the vulnerability you are referring to, it would be appreciated if you could email the details so we can take a look and fix it.

dougwilson commented 3 years ago

The CVE you referenced (https://nvd.nist.gov/vuln/detail/CVE-2017-18589) is a Rust crate; this is a Node.js module. Are you saying that that Rust issue applies to this JavaScript module? If so, how?

dougwilson commented 3 years ago

For now I'm going to close this assuming you accidentally reported it to the wrong place, seeing as that CVE is not even for the same programming language as this repo :)

dougwilson commented 3 years ago

Here is the GitHub repo for the Rust crate that CVE is for if you wanted to open an issue there: https://github.com/SergioBenitez/cookie-rs

ChrisCCheng commented 3 years ago

OK, I got it, thanks.