Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Who to contact for security issues

See original GitHub issue

Hey there!

I belong to an open source security research community, and a member (@sampaguitas) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

Issue Analytics

State:
Created 2 years ago
Reactions:2
Comments:9 (2 by maintainers)

Top GitHub Comments

3reactions

JamieSlomecommented, May 24, 2022

@rexxars - sorted:

https://github.com/CVEProject/cvelist/pull/5853/files

2reactions

rexxarscommented, May 23, 2022

@rexxars - I might be able to help here. If you can confirm that v1.1.1 is not affected by this, I can update the CVE 👍

See: https://github.com/418sec/cvelist/blob/master/2022/1xxx/CVE-2022-1650.json

To summarize:

v1.1.0 and below are affected by this issue - the issue is fixed in v1.1.1.
v2.0.0 and v2.0.1 are affected by this issue - the issue is fixed in v2.0.2.

This ensures that people do not have to upgrade to v2 if they are stuck on the v1 range, due to needing support for node 12 or below, or similar.

Would be great if you could update the CVE.

Top Results From Across the Web

Report a security or privacy vulnerability

Alternatively, you can send your research to us via email at product-security@apple.com. Please make sure that you include the information ...

Report an Incident

If you believe someone is using your Social Security number, contact the Social Security Administration (SSA) fraud hotline at 1-800-269-0271.

Online Safety | USAGov

Online security and safety; Internet Fraud ... Call USAGov at 1-844-USA-GOV1 (1-844-872-4681) to ask us any question about the U.S. government for free....

Cyber Crime — FBI

Respond and Report · File a Report with the Internet Crime Complaint Center · Contact Your Local FBI Field Office.

Social Security: Fraud Prevention and Reporting | SSA

Failing to notify the agency of the death of a beneficiary and continuing to ... using your SSN and assuming your identity can...