Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability disclosure #12

Closed
Adar-Checkmarx opened this issue Jan 20, 2021 · 2 comments · Fixed by #13
Closed

Vulnerability disclosure #12

Adar-Checkmarx opened this issue Jan 20, 2021 · 2 comments · Fixed by #13

Comments

@Adar-Checkmarx
Copy link

Hello,
My name is Adar and I’m a security analyst at Checkmarx's CxSCA group.
I recently found a potential vulnerability in async-git.
I couldn’t reach any relevant maintainer to disclose this issue to, and I would appreciate you referring me to the right contact.

Please fell free to reach me at ScaAppSec@checkmarx.com.

Thank you
@omrilotan
Copy link
Owner

Thank you @Adar-Checkmarx Please share the vulnerability details - I will be happy to issue a CVE and remediate the issue.

@Adar-Checkmarx
Copy link
Author

Hi @omrilotan,
Is there any way to contact you privately with the details?
I prefer not to publicly publish anything that might expose the users to any risk.

@omrilotan omrilotan mentioned this issue Jan 20, 2021
Merged
@omrilotan omrilotan mentioned this issue Jan 24, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add test for reported vulnerabilities omrilotan/async-git
2 participants
@omrilotan @Adar-Checkmarx