Please enable private disclosures ASAP

[Zemnmez]

You can do it with the Security panel.

Please enable:

• "Security advisories"
• "Private vulnerability reporting"

I found a serious vulnerability in crypto-js. Please enable vulnerability disclosures so I can responsibly disclose the vulnerability. Thanks.

Twitter thread with some context: https://twitter.com/zemnmez/status/1714513369745830026

[wulinnan]

hello,I'd like to ask about this vulnerability, what exactly is it and is it easy to say, because I see that this library is supposed to be the most popular at the moment and have recently wanted to use it.

[MaksimKiselev]

@Zemnmez https://twitter.com/evanvosberg

[Zemnmez]

@MaksimKiselev https://twitter.com/zemnmez/status/1714167497551925457

[Zemnmez]

hello,I'd like to ask about this vulnerability, what exactly is it and is it easy to say, because I see that this library is supposed to be the most popular at the moment and have recently wanted to use it.

I can't answer this question without doing serious damage by disclosing it when there is no patch.

[evanvosberg]

@Zemnmez reporting vulnerabilities is enabled now, although the project itself is discontinued.

[Zemnmez]

GHSA-xwcq-pm8m-c4vf