New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please enable private disclosures ASAP #466
Comments
hello,I'd like to ask about this vulnerability, what exactly is it and is it easy to say, because I see that this library is supposed to be the most popular at the moment and have recently wanted to use it. |
I can't answer this question without doing serious damage by disclosing it when there is no patch. |
@Zemnmez reporting vulnerabilities is enabled now, although the project itself is discontinued. |
You can do it with the Security panel.
Please enable:
I found a serious vulnerability in crypto-js. Please enable vulnerability disclosures so I can responsibly disclose the vulnerability. Thanks.
Twitter thread with some context: https://twitter.com/zemnmez/status/1714513369745830026
The text was updated successfully, but these errors were encountered: