cryo
cryo copied to clipboard
Security issue
Hi,
I'm a member of the Node.js Security WG and we received a report regarding a security issue with this module. We tried inviting the author by e-mail but received no response so I'm opening this issue and inviting anyone with commit and npm publish rights to collaborate with us on a fix.
Hi,
A search for "cryo security" turns up nothing in my email. What's up?
@hunterloftis there appears to be an unpatched vulnerability in this package described in this CVE: https://nvd.nist.gov/vuln/detail/CVE-2018-3784 and this HackerOne thread: https://hackerone.com/reports/350418.