Urgent matter #1
Comments
|
Thank you @Cyber-Dude1 for reporting this vulnerability. Version 0.5.1 fixes this issue. |
|
Thanks David,
Did you contact NPM as well?
Have a great week!
…On Mon, 26 Apr 2021 at 0:40 Worms David ***@***.***> wrote:
Closed #1 <#1>.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/ALW5XU2A5JGRMNE7X2SK4JTTKSD6DANCNFSM43MBYYMQ>
.
|
|
I didn't. I felt like releasing a new version is sufficient. What is the
process you are suggeting, to block the access of previously published
versions ?
David
…On 26/04/2021 10:13, Dan Shallom wrote:
Thanks David,
Did you contact NPM as well?
Have a great week!
On Mon, 26 Apr 2021 at 0:40 Worms David ***@***.***> wrote:
> Closed #1 <#1>.
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <#1 (comment)>, or
> unsubscribe
>
<https://github.com/notifications/unsubscribe-auth/ALW5XU2A5JGRMNE7X2SK4JTTKSD6DANCNFSM43MBYYMQ>
> .
>
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#1 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAALOMCNTDP2YQCFEB24MJTTKUOC3ANCNFSM43MBYYMQ>.
--
David Worms, SARL Adaltas
***@***.***, +33 6 76 88 72 13
6 rue Jules Simon, 92100 Boulogne-Billancourt
|
|
Hi David,
That’s right. But in this case only one version should be blocked is v0.5.0
- can you confirm?
Eventually an advisory should be published for mixme, in
https://www.npmjs.com/advisories
…On Mon, 26 Apr 2021 at 12:49 Worms David ***@***.***> wrote:
I didn't. I felt like releasing a new version is sufficient. What is the
process you are suggeting, to block the access of previously published
versions ?
David
On 26/04/2021 10:13, Dan Shallom wrote:
> Thanks David,
> Did you contact NPM as well?
>
> Have a great week!
>
> On Mon, 26 Apr 2021 at 0:40 Worms David ***@***.***> wrote:
>
> > Closed #1 <#1>.
> >
> > —
> > You are receiving this because you were mentioned.
> > Reply to this email directly, view it on GitHub
> > <#1 (comment)>, or
> > unsubscribe
> >
> <
https://github.com/notifications/unsubscribe-auth/ALW5XU2A5JGRMNE7X2SK4JTTKSD6DANCNFSM43MBYYMQ
>
> > .
> >
>
> —
> You are receiving this because you modified the open/close state.
> Reply to this email directly, view it on GitHub
> <#1 (comment)>,
> or unsubscribe
> <
https://github.com/notifications/unsubscribe-auth/AAALOMCNTDP2YQCFEB24MJTTKUOC3ANCNFSM43MBYYMQ
>.
>
--
David Worms, SARL Adaltas
***@***.***, +33 6 76 88 72 13
6 rue Jules Simon, 92100 Boulogne-Billancourt
<https://www.google.com/maps/search/6+rue+Jules+Simon,+92100+Boulogne-Billancourt?entry=gmail&source=g>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ALW5XU6UP536BCJG7EVNKPDTKUZMBANCNFSM43MBYYMQ>
.
|
|
All the versions shall be concerned but considering this is a `0.x`
version, I don't think it is necessary to go through each version to
publish a new patch release, it would take time. I found how to report
malware on NPM but not how to report a security advisory, is there a
form how shall I contact NPM on their ***@***.*** address ?
Thank you for the followup, I appreciate.
David
…On 26/04/2021 13:41, Dan Shallom wrote:
Hi David,
That’s right. But in this case only one version should be blocked is
v0.5.0
- can you confirm?
Eventually an advisory should be published for mixme, in
https://www.npmjs.com/advisories
Dan
On Mon, 26 Apr 2021 at 12:49 Worms David ***@***.***> wrote:
> I didn't. I felt like releasing a new version is sufficient. What is the
> process you are suggeting, to block the access of previously published
> versions ?
>
> David
>
> On 26/04/2021 10:13, Dan Shallom wrote:
> > Thanks David,
> > Did you contact NPM as well?
> >
> > Have a great week!
> >
> > On Mon, 26 Apr 2021 at 0:40 Worms David ***@***.***> wrote:
> >
> > > Closed #1 <#1>.
> > >
> > > —
> > > You are receiving this because you were mentioned.
> > > Reply to this email directly, view it on GitHub
> > >
<#1 (comment)>, or
> > > unsubscribe
> > >
> > <
>
https://github.com/notifications/unsubscribe-auth/ALW5XU2A5JGRMNE7X2SK4JTTKSD6DANCNFSM43MBYYMQ
> >
> > > .
> > >
> >
> > —
> > You are receiving this because you modified the open/close state.
> > Reply to this email directly, view it on GitHub
> >
<#1 (comment)>,
>
> > or unsubscribe
> > <
>
https://github.com/notifications/unsubscribe-auth/AAALOMCNTDP2YQCFEB24MJTTKUOC3ANCNFSM43MBYYMQ
> >.
> >
>
> --
> David Worms, SARL Adaltas
> ***@***.***, +33 6 76 88 72 13
> 6 rue Jules Simon, 92100 Boulogne-Billancourt
>
<https://www.google.com/maps/search/6+rue+Jules+Simon,+92100+Boulogne-Billancourt?entry=gmail&source=g>
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <#1 (comment)>,
> or unsubscribe
>
<https://github.com/notifications/unsubscribe-auth/ALW5XU6UP536BCJG7EVNKPDTKUZMBANCNFSM43MBYYMQ>
> .
>
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#1 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAALOMGG3STXGONBFTKUTALTKVGNLANCNFSM43MBYYMQ>.
--
David Worms, SARL Adaltas
***@***.***, +33 6 76 88 72 13
6 rue Jules Simon, 92100 Boulogne-Billancourt
|
|
Hi David, Thanks :) |
|
Hi David, |
|
Yes, I got the notification. My understanding is that the NPM team will get notified and take further actions without the need to contact them. |
This was referenced May 6, 2021
Open
1 task
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Hi there,
Can you please contact me by mail?
Thanks.
The text was updated successfully, but these errors were encountered: