Vulnerability disclosure

[cx-adar-zandberg]

Hello,
My name is Adar and I’m a security analyst at Checkmarx's CxSCA group.
I recently found a potential vulnerability in async-git.
I couldn’t reach any relevant maintainer to disclose this issue to, and I would appreciate you referring me to the right contact.

Please fell free to reach me at ScaAppSec@checkmarx.com.

Thank you

[omrilotan]

Thank you @Adar-Checkmarx Please share the vulnerability details - I will be happy to issue a CVE and remediate the issue.

[cx-adar-zandberg]

Hi @omrilotan,
Is there any way to contact you privately with the details?
I prefer not to publicly publish anything that might expose the users to any risk.