Open huntr-helper opened 3 years ago
OmgImAlexis
commented
3 years ago ✏️ NOTE: If we don't hear from you in 14 days, we will proactively source a fix for this vulnerability (and open a PR) to ensure community safety.
@huntr-helper is there a PR to fix this?
JamieSlome
commented
3 years ago @OmgImAlexis - not yet!
JamieSlome
commented
3 years ago Do we have any updates on this?
skarred14
commented
3 years ago Any updates here?
This CVE is currently blocking our CI/CD: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25943
adlawren
commented
3 years ago https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25943
Just wondering, are there any updates concerning this CVE?
OmgImAlexis
commented
3 years ago ✏️ NOTE: If we don't hear from you in 14 days, we will proactively source a fix for this vulnerability (and open a PR) to ensure community safety.
@huntr-helper is there a PR to fix this?
@huntr-helper it's been way longer than 14 days. Still no PR. 😕
OmgImAlexis
commented
3 years ago NOTE: If we don't hear from you in 14 days, we will proactively source a fix for this vulnerability (and open a PR) to ensure community safety.
@huntr-helper are you going to open a PR for this? Is there anything we can do to help?
JamieSlome
commented
3 years ago @OmgImAlexis - it looks like no fixes have been submitted via our community.
I might recommend reaching out to @blindhacker99, who disclosed via our platform to see if they have any thoughts.
OmgImAlexis
commented
3 years ago ✏️ NOTE: If we don't hear from you in 14 days, we will proactively source a fix for this vulnerability (and open a PR) to ensure community safety.
@JamieSlome might be worth removing this line from your issues then.
JamieSlome
commented
3 years ago @OmgImAlexis - this template has been entirely adjusted and does not follow this format anymore.
Thanks!
blindhacker99
commented
3 years ago Just a FYI there's a open PR is already there for keypather which also utilises the vulnerable set() method from 101. The maintainer hasn't merged the PR yet, looks he is not interested. Since keypather also utilises the vulnerable set() method from 101 so fixing it here would be effective fix. @OmgImAlexis you can open a PR by replicating the same fix which is applied here. -https://github.com/tjmehta/keypather/pull/43/commits/c87c3c453e8c853c22bbfa75d40e0b7f11c58ede
👋 Hello, @tjmehta - a potential high severity Violation of Secure Design Principles (CWE-657) vulnerability in your repository has been disclosed to us.
Next Steps
1️⃣ Visit https://huntr.dev/bounties/1-other-tjmehta/101 for more advisory information.
2️⃣ Sign-up to validate or speak to the researcher for more assistance.
3️⃣ Propose a patch or outsource it to our community - whoever fixes it gets paid.
✏️ NOTE: If we don't hear from you in 14 days, we will proactively source a fix for this vulnerability (and open a PR) to ensure community safety.
Confused or need more help?
Join us on our Discord and a member of our team will be happy to help! 🤗
Speak to a member of our team: @JamieSlome
This issue was automatically generated by huntr.dev - a bug bounty board for securing open source code.