Security issue #85

Open
afzalsayed96 opened this issue Feb 2, 2019 · 6 comments
Comments

afzalsayed96 commented Feb 2, 2019

Hi, more than one security issue has been found in HarpJS. Can someone (with publish rights) please contact @lirantal from Node Security Working Group so he can invite them to the private report on HackerOne?
A response would be much appreciated!

cc: @sintaxi

lirantal commented Feb 2, 2019

Thank you @afzalsayed96
I'll follow this thread and my inbox

Member

sintaxi commented Feb 3, 2019

Sorry, what's the call to action on this?

lirantal commented Feb 3, 2019

If you have commit and npm publish access I can send you an invite to the security report on HackerOne so you can join the conversation, help us triage the issue and push a fix. Sounds ok?

Member

sintaxi commented Feb 5, 2019

@lirantal can you clarify if this is for the harpjs.com website or for the harp tool? https://github.com/sintaxi/harp

lirantal commented Feb 5, 2019

@sintaxi there are two reports waiting to get your input on in HackerOne about the harp package (https://www.npmjs.com/package/harp)

I'm going to send another invite to the e-mail associated here with your GitHub account. Please check your inbox/spam folder for the H1 invitation to join these reports. They've already been stalled for quite a while now.

@lirantal

@sintaxi there are two reports still pending your review with regards to harp (the library, not the website). I will disclose them at the end of the week so please ping me before that if you'd like to take action in fixing them before the vulnerabilities are disclosed publicly.
