cryo icon indicating copy to clipboard operation
cryo copied to clipboard

Published 20 hours ago verified publisher icon hunterloftis

Security issue

Open lirantal opened this issue 6 years ago • 2 comments

Hi,

I'm a member of the Node.js Security WG and we received a report regarding a security issue with this module. We tried inviting the author by e-mail but received no response so I'm opening this issue and inviting anyone with commit and npm publish rights to collaborate with us on a fix.

lirantal avatar Jun 06 '18 11:06 lirantal

Hi,

A search for "cryo security" turns up nothing in my email. What's up?

hunterloftis avatar Jul 18 '18 19:07 hunterloftis

@hunterloftis there appears to be an unpatched vulnerability in this package described in this CVE: https://nvd.nist.gov/vuln/detail/CVE-2018-3784 and this HackerOne thread: https://hackerone.com/reports/350418.

rschultheis avatar Aug 17 '18 16:08 rschultheis