Sampaguitas
commented
2 years ago Hi there,
I have made a pull request with a patch for your prototype pollution vulnerability, and also added a test for your npm run dev/test.
I would appreciate if you could have a look at it.
With best regards,
Timothee
Hey there!
I belong to an open source security research community, and a member (@sampaguitas) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a
SECURITY.mdfile with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)