Urgent matter #1
Comments
|
Thank you @Cyber-Dude1 for reporting this vulnerability. Version 0.5.1 fixes this issue. |
|
Thanks David,
Did you contact NPM as well?
Have a great week!
…On Mon, 26 Apr 2021 at 0:40 Worms David ***@***.***> wrote:
Closed #1 <#1>.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/ALW5XU2A5JGRMNE7X2SK4JTTKSD6DANCNFSM43MBYYMQ>
.
|
|
I didn't. I felt like releasing a new version is sufficient. What is the
process you are suggeting, to block the access of previously published
versions ?
David
…On 26/04/2021 10:13, Dan Shallom wrote:
Thanks David,
Did you contact NPM as well?
Have a great week!
On Mon, 26 Apr 2021 at 0:40 Worms David ***@***.***> wrote:
> Closed #1 <#1>.
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <#1 (comment)>, or
> unsubscribe
>
<https://github.com/notifications/unsubscribe-auth/ALW5XU2A5JGRMNE7X2SK4JTTKSD6DANCNFSM43MBYYMQ>
> .
>
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#1 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAALOMCNTDP2YQCFEB24MJTTKUOC3ANCNFSM43MBYYMQ>.
--
David Worms, SARL Adaltas
***@***.***, +33 6 76 88 72 13
6 rue Jules Simon, 92100 Boulogne-Billancourt
|
|
Hi David,
That’s right. But in this case only one version should be blocked is v0.5.0
- can you confirm?
Eventually an advisory should be published for mixme, in
https://www.npmjs.com/advisories
…On Mon, 26 Apr 2021 at 12:49 Worms David ***@***.***> wrote:
I didn't. I felt like releasing a new version is sufficient. What is the
process you are suggeting, to block the access of previously published
versions ?
David
On 26/04/2021 10:13, Dan Shallom wrote:
> Thanks David,
> Did you contact NPM as well?
>
> Have a great week!
>
> On Mon, 26 Apr 2021 at 0:40 Worms David ***@***.***> wrote:
>
> > Closed #1 <#1>.
> >
> > —
> > You are receiving this because you were mentioned.
> > Reply to this email directly, view it on GitHub
> > <#1 (comment)>, or
> > unsubscribe
> >
> <
https://github.com/notifications/unsubscribe-auth/ALW5XU2A5JGRMNE7X2SK4JTTKSD6DANCNFSM43MBYYMQ
>
> > .
> >
>
> —
> You are receiving this because you modified the open/close state.
> Reply to this email directly, view it on GitHub
> <#1 (comment)>,
> or unsubscribe
> <
https://github.com/notifications/unsubscribe-auth/AAALOMCNTDP2YQCFEB24MJTTKUOC3ANCNFSM43MBYYMQ
>.
>
--
David Worms, SARL Adaltas
***@***.***, +33 6 76 88 72 13
6 rue Jules Simon, 92100 Boulogne-Billancourt
<https://www.google.com/maps/search/6+rue+Jules+Simon,+92100+Boulogne-Billancourt?entry=gmail&source=g>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ALW5XU6UP536BCJG7EVNKPDTKUZMBANCNFSM43MBYYMQ>
.
|
|
All the versions shall be concerned but considering this is a `0.x`
version, I don't think it is necessary to go through each version to
publish a new patch release, it would take time. I found how to report
malware on NPM but not how to report a security advisory, is there a
form how shall I contact NPM on their ***@***.*** address ?
Thank you for the followup, I appreciate.
David
…On 26/04/2021 13:41, Dan Shallom wrote:
Hi David,
That’s right. But in this case only one version should be blocked is
v0.5.0
- can you confirm?
Eventually an advisory should be published for mixme, in
https://www.npmjs.com/advisories
Dan
On Mon, 26 Apr 2021 at 12:49 Worms David ***@***.***> wrote:
> I didn't. I felt like releasing a new version is sufficient. What is the
> process you are suggeting, to block the access of previously published
> versions ?
>
> David
>
> On 26/04/2021 10:13, Dan Shallom wrote:
> > Thanks David,
> > Did you contact NPM as well?
> >
> > Have a great week!
> >
> > On Mon, 26 Apr 2021 at 0:40 Worms David ***@***.***> wrote:
> >
> > > Closed #1 <#1>.
> > >
> > > —
> > > You are receiving this because you were mentioned.
> > > Reply to this email directly, view it on GitHub
> > >
<#1 (comment)>, or
> > > unsubscribe
> > >
> > <
>
https://github.com/notifications/unsubscribe-auth/ALW5XU2A5JGRMNE7X2SK4JTTKSD6DANCNFSM43MBYYMQ
> >
> > > .
> > >
> >
> > —
> > You are receiving this because you modified the open/close state.
> > Reply to this email directly, view it on GitHub
> >
<#1 (comment)>,
>
> > or unsubscribe
> > <
>
https://github.com/notifications/unsubscribe-auth/AAALOMCNTDP2YQCFEB24MJTTKUOC3ANCNFSM43MBYYMQ
> >.
> >
>
> --
> David Worms, SARL Adaltas
> ***@***.***, +33 6 76 88 72 13
> 6 rue Jules Simon, 92100 Boulogne-Billancourt
>
<https://www.google.com/maps/search/6+rue+Jules+Simon,+92100+Boulogne-Billancourt?entry=gmail&source=g>
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <#1 (comment)>,
> or unsubscribe
>
<https://github.com/notifications/unsubscribe-auth/ALW5XU6UP536BCJG7EVNKPDTKUZMBANCNFSM43MBYYMQ>
> .
>
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#1 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAALOMGG3STXGONBFTKUTALTKVGNLANCNFSM43MBYYMQ>.
--
David Worms, SARL Adaltas
***@***.***, +33 6 76 88 72 13
6 rue Jules Simon, 92100 Boulogne-Billancourt
|
|
Hi David, Thanks :) |
|
Hi David, |
|
Yes, I got the notification. My understanding is that the NPM team will get notified and take further actions without the need to contact them. |
This was referenced May 6, 2021
Open
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi there,
Can you please contact me by mail?
Thanks.
The text was updated successfully, but these errors were encountered: