Results 16 comments of bu

It seems this is still an issue, cyvcf2 0.30.22 on PyPI (latest) includes the vulnerable libraries: [https://inspector.pypi.io/project/cyvcf2/0.30.22/packages/06/b2/f569ff8e7b420e3cc09e1927eaae306a41021e64174ef78d98dea27858e2/cyvcf2-0.30.22-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl/](https://inspector.pypi.io/project/cyvcf2/0.30.22/packages/06/b2/f569ff8e7b420e3cc09e1927eaae306a41021e64174ef78d98dea27858e2/cyvcf2-0.30.22-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl)

Also, cyvcf2 0.30.22 ships with a version of `libcurl` that is vulnerable to a High severity vulnerability. More details here: [https://github.com/curl/curl/discussions/12026](https://github.com/curl/curl/discussions/12026)

Good day! How are you? I just checked the vulnerability 50571 data, and it seems ok. Would you like to provide more information about how you perform the scans? For...

Sure, but I would rather explain it to the project maintainers in a non public channel.

Emailed. I recommend [adding a SECURITY.md](https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository) file in your repo so reporters have clear instructions on how to handle disclosures. Thank you for your awesome projects!

First of all, I did file for a CVE, but I didn't publish it. Someone else did it. I find it illogical that it was you, but the GH advisory says "Credits...

Why did I file for a CVE? - The attack scenario and PoC described. - A very similar issue in this same library was issued a CVE in the past. -...

I appreciate the deeper analysis provided _a few days ago_ by the maintainers. As a security researcher, I think I am analyzing dozens of projects with very diverse scenarios, contexts and...

About the excessive noise generated by security alerts, indeed, that's sadly true. Probably in the future we will be identifying vulnerable functions and if they are called in a project's...

Thanks for the prompt response! I am still a bit confused though. I wouldn't link a private report in _Huntr_ to a public issue here, so as to follow responsible disclosure....