Description
On the 13th of June 2022 we reported an authentication bypass in this library to @cdbattags.
Due to time constraints on their side we privately provided a patch that should fix the issue on the 29th of July 2022.
Since then we inquired about the patch multiple times. The maintainer confirmed receipt of the patch but it was never applied.
As this vulnerability was now reported a year ago, this GitHub issue is intended to warn users of this library about the authentication bypass.
We hope the patch will be implemented in the near future and kindly ask the maintainer to create a GitHub Security Advisory afterwards (https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/about-repository-security-advisories.
On behalf of ERNW