Skip to content
This repository has been archived by the owner on Feb 18, 2021. It is now read-only.

Security issue #16

Closed
vdeturckheim opened this issue Dec 25, 2017 · 4 comments
Closed

Security issue #16

vdeturckheim opened this issue Dec 25, 2017 · 4 comments

Comments

@vdeturckheim
Copy link

Hello,

As a member of the Node.js ecosystem security team I have been reported a security issue regarding this package.

I have contacted the person I identified as maintainer by email but did not get any answer. What is the best way to reach someone with commit rights over this repo do privately explain what is the issue?

Best
Vladimir de Turckheim
@vivaxy
Copy link
Owner

vivaxy commented Dec 26, 2017

@vdeturckheim Sorry, I have not paid attention to the email. Please let me know what's the reason of the vulnerability.

@vdeturckheim
Copy link
Author

Hey @vivaxy thanks for your answer, in order to not publicly disclose the vulnerability, can I invite you on HackerOne with your public email address? You'll be able to review the report and interact with the person who found the issue.

@vivaxy
Copy link
Owner

vivaxy commented Dec 27, 2017

@vdeturckheim Please invite me, thanks.

@vdeturckheim
Copy link
Author

Done, you should have received an email @vivaxy

vivaxy added a commit that referenced this issue Dec 28, 2017
@vivaxy
fix: 🔒Fix an issue that users can browse outside the wd
d50c567 
Resolve #16
@vivaxy vivaxy mentioned this issue Dec 28, 2017
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vivaxy @vdeturckheim