Shachar Menashe
Shachar Menashe
Sure thing. I've changed "unsafe" to "insecure", I don't want to confuse anyone. We did mention many times that the security impact is DoS though so I don't think someone...
You might want to use this project as a reference - https://github.com/microsoft/go-winmd
Hello, as per our disclosure policy, more than 120 days have passed and we plan to disclosure this issue publicly. Can you please share if this issue was fixed in...
To be clear, we don't want to cause trouble and highlight an issue if there is no fix yet and you are planning to fix the issue. I'm trying to...
@barchetta I don't understand why this happened, I specifically wrote "com.squareup.okhttp3:okhttp-brotli" both in the CVE JSON and our reference page. I will ask them to change it right now, sorry...
OK great they changed it to `cpe:2.3:a:squareup:okhttp-brotli:*:*:*:*:*:*:*:*` - https://nvd.nist.gov/vuln/detail/CVE-2023-3782
We could not find an official RapidJSON disclosure email address. We tried to report this issue privately to the package maintainer ([email protected]) but didn't receive a response for more than...
How can this be done? Is it mentioned in the documentation somewhere? (we couldn't find this mentioned as an issue anywhere) Why not add a default memory cap with a...
The misidentification was a temporary issue on JFrog's side which is already addressed, and not related to this repository. JFrog Artifactory & Xray users who are still experiencing this are...
We could not find an official RapidJSON disclosure email address. We tried to report this issue privately to the package maintainer ([email protected]) but didn't receive a response for more than...