[go: up one dir, main page]

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

There is a high-severity CVE lurking #124

Open
itrofimow opened this issue Dec 22, 2022 · 7 comments
Open

There is a high-severity CVE lurking #124

itrofimow opened this issue Dec 22, 2022 · 7 comments

Comments

@itrofimow
Copy link

Hi!

First of all, impressive work with lithium, really pushing some boundaries of performance and usability.

Since there isn't any SECURITY.md or the likes of and my email to you on the matter went unanswered
i'm leaving this issue here to raise awareness.

@matt-42 Feel free to ping me i'f you are interested, and then we could discuss it privately.

@Burnett01
Copy link
Contributor

@itrofimow The OSS community would appreciate if you shared these details or at least give a hint as to where the issue is located.

Greetings, Steven

@itrofimow
Copy link
Author

Hi @Burnett01!

As long as there are some means left (there aren't many, but a few are still present) to communicate this privately with the maintainer i don't think it would be responsible from me to share the details in public. In case nothing works i will go this route, but not yet.

If you are worried whether this affects your services running lithium in production, feel free to dm me i.trofimow@yandex.ru and we will see what can be done.

@matt-42
Copy link
Owner
matt-42 commented Mar 26, 2023

I will ping you by mail. Thanks for the report. Sorry for the delay, I have very limited time for lithium these days

@itrofimow
Copy link
Author

@matt-42 I've sent you the details in response to your email

@matt-42
Copy link
Owner
matt-42 commented Mar 27, 2023

@matt-42 I've sent you the details in response to your email

Thanks !

@itrofimow
Copy link
Author

@matt-42 If you don't have enough time for this, i could potentially craft a patch myself and we could discuss it in mail, like good old days

@matt-42
Copy link
Owner
matt-42 commented Apr 1, 2023 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants