
There is a high-severity CVE lurking

Open itrofimow opened this issue 2 years ago • 7 comments

Hi!

First of all, impressive work with lithium, really pushing some boundaries of performance and usability.

Since there isn't any SECURITY.md or the like, and my email to you on the matter went unanswered, I'm leaving this issue here to raise awareness.

@matt-42 Feel free to ping me if you are interested, and then we could discuss it privately.

itrofimow avatar Dec 22 '22 16:12 itrofimow

@itrofimow The OSS community would appreciate if you shared these details or at least give a hint as to where the issue is located.

Greetings, Steven

Burnett01 avatar Mar 25 '23 19:03 Burnett01

Hi @Burnett01!

As long as there are some means left (there aren't many, but a few are still present) to communicate this privately with the maintainer, I don't think it would be responsible of me to share the details in public. In case nothing works I will go this route, but not yet.

If you are worried whether this affects your services running lithium in production, feel free to DM me at [email protected] and we will see what can be done.

itrofimow avatar Mar 26 '23 12:03 itrofimow

I will ping you by mail. Thanks for the report. Sorry for the delay, I have very limited time for lithium these days.

matt-42 avatar Mar 26 '23 16:03 matt-42

@matt-42 I've sent you the details in response to your email.

itrofimow avatar Mar 27 '23 09:03 itrofimow

@matt-42 I've sent you the details in response to your email

Thanks!

matt-42 avatar Mar 27 '23 12:03 matt-42

@matt-42 If you don't have enough time for this, I could potentially craft a patch myself and we could discuss it by mail, like in the good old days.

itrofimow avatar Mar 30 '23 13:03 itrofimow

Hi @itrofimow, that would be great if you have time, thanks :)

matt-42 avatar Apr 01 '23 09:04 matt-42