lmhunterand
lmhunterand
Hi Team @jeffwilcox I've reported an three security vulnerabilities, can this reports eligible for [HOF](https://msrc.microsoft.com/update-guide/acknowledgement/online) ?
## Bug Description : I searching about the vulnerabilities/cve at your code effected to CVE-2021-44906 bellows the (PoCs) Minimist
**Hi!** @epicfaace Thank you for your respond, of course I appreciated that. Upgrade to glob-parent to version `5.1.2`. ```json "dependencies": { "glob-parent": ">=5.1.2" } ``` I would love to be...
Hi @epicfaace Thank you for your respond. I really appreciated it. hermes-engine in [frontend/package-lock.json](https://github.com/cisagov/crossfeed/blob/-/frontend/package-lock.json). please upgrade hermes-engine to version `0.10.0`. ```json "dependencies": { "hermes-engine": ">=0.10.0" } ``` ```json "devDependencies": {...
**Hi!** @kjots you're right on this issue, I've investigated further about the team working at @snyk. they don't know about any vulnerabilities. last month I tried to report the vulnerability...
**Hi!** There has been 2 years ago, can you approved this `pull-request` as `merged`
**Hi!** @mpontillo Thank you for your respond. let's `merged` this `pull-request` for fixing all vulnerabilities on `(v0.12.0)` Best regards, @imhunterand
Hi @kamaln7 I have reviewed the provided Go code for the `webhook/webhook_test.go` and `webhook/webhook.go` files. I found a potential vulnerability related to insufficient verification of HTTP request headers, which can...
Hi @kelly-cs, I see the ticket you created **[SERVER-90260](https://jira.mongodb.org/browse/SERVER-90260)** is not found. could you please check the ticket? I cannot find it.
Signed-off-by: Thomas ANDRI Wijayanto