cereal icon indicating copy to clipboard operation
cereal copied to clipboard

Published 20 hours ago verified publisher icon USCiLab

latest tag is v1.3.0 but does not include fix for CVE-2020-11105

Open jmonticelli opened this issue 3 years ago • 1 comments

This tag is an issue in the sense that there is no version bump that includes a fix for the following vulnerability:

https://nvd.nist.gov/vuln/detail/CVE-2020-11105

An unknowing consumer of this library may grab the latest release, which is behind commit f27c12d491955c94583512603bf32c4568f20929 which fixes this issue.

jmonticelli avatar Jul 27 '21 17:07 jmonticelli

I see that the v1.3.1 milestone has one open issue still. @AzothAmmo do you want this fixed before any new release? If so, I can try and help resolve it.

Alex-Riley avatar Aug 19 '21 10:08 Alex-Riley