Authentication Bypass #61

Open
@nemmerich

On the 13th of June 2022 we reported an authentication bypass in this library to @cdbattags.
Due to time constraints on their side we privately provided a patch that should fix the issue on the 29th of July 2022.
Since then we inquired about the patch multiple times. The maintainer confirmed receipt of the patch but it was never applied.

As this vulnerability was now reported a year ago, this GitHub issue is intended to warn users of this library about the authentication bypass.

We hope the patch will be implemented in the near future and kindly ask the maintainer to create a GitHub Security Advisory afterwards (https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/about-repository-security-advisories).

On behalf of ERNW
