Urgent: Potential Vulnerability Found in Installed Package
Description
Dear Maintainer Team,
I hope this message finds you well. I am writing to inform you about a security concern that arose after the installation of a recent package. I conducted a vulnerability assessment using the Vulert Abom tool on the lock file, and unfortunately, the results indicated the presence of more than 5 vulnerable dependencies.
Given the severity of the situation, as these vulnerabilities could jeopardize the overall project's security, I am contemplating whether this should be reported under responsible disclosure.
For your convenience, here's the link to the vulnerability report for the scanned package-lock file: https://vulert.com/vuln-scan/list/ffaf8c4e-258d-4039-a5ff-cc21fc0d8858
It is my strong belief that we should address these vulnerabilities immediately to safeguard our project. Do let me know if there's a need for additional information from my end.
I have attached the link to the scanned lock file here for your reference: https://github.com/redis/node-redis/blob/master/package-lock.json
Thank you for your attention to this critical matter.
Best regards
Node.js Version: No response
Redis Server Version: No response
Node Redis Version: No response
Platform: No response
Logs: No response
It might be safer to report security vulnerabilities in private just in case bad actors read these public issues.
Here's the process for reporting a security issue for this library: https://github.com/redis/node-redis/blob/master/SECURITY.md#reporting-a-vulnerability