CVE-2024-34391 and CVE-2024-34392 #659

Open
macolmenerori opened this issue May 7, 2024 · 3 comments

Comments

@macolmenerori

A few days ago two vulnerabilities were listed:

Two issues were raised here and here respectively.

@ashishMsci

Can we expect any fix for these vulnerabilities in the near future?

@wiesjan

wiesjan commented Jun 6, 2024

> Can we expect any fix for these vulnerabilities in the near future?

I second that question 😉

@jkowalleck

Hi, I am not affiliated with this project.
Still, I would highly encourage everybody waiting for a fix to actively participate in the process. ... Given the maintenance posture of this project and its past as nearly-abandonware.

  • You could pull-request a regression-test that showcases the vulnerability.
    Of course, this test will fail, as long as no fix was provided, but at least we could see that the claim is true: a vulnerability actually exists (this is important, because none of the CVEs were analyzed/reviewed/proven).
  • You could comment mitigation methods here.
  • You could pull-request a fix.
  • Just help improve the situation.

If you (personally) cannot provide such, maybe the organizations you work for could pay somebody to help :-)


4 participants