-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security issue #85
Comments
Thank you @afzalsayed96 |
Sorry, whats the call to action on this? |
If you have commit and npm publish access I can send you an invite to the security report on HackerOne so you can join the conversation, help us triage the issue and push a fix. Sounds ok? |
@lirantal can you clarify if is this for the harpjs.com website or for the harp tool? https://github.com/sintaxi/harp |
@sintaxi there are two reports waiting to get your input on in HackerOne about the harp package (https://www.npmjs.com/package/harp) I'm going to send another invite to the e-mail associated here with your GitHub account. Please check your inbox/spam folder for the H1 invitation to join these reports. They've already been stalled for quite a while now. |
@sintaxi there are two reports still pending your review with regards to harp (the library, not the website). I will disclose them at the end of the week so please ping me before that if you'd like to take action in fixing them before the vulnerabilities are disclosed publicly. |
Hi, More than one security issues have been found in
HarpJS
. Can someone (with publish rights) please contact @lirantal from Node Security Working Group so he can invite them to the private report on hackerone?A response would be much appreciated!
cc: @sintaxi
The text was updated successfully, but these errors were encountered: