GitHub: possible security vulnerabilities in plugin

  • Resolved cag8f

    (@cag8f)


    6 years, 2 months ago

    Hello. I just added your plugin to my site, and pushed the changes to my GitHub repo. GitHub then alerted me that were two potential security vulnerabilities in your plugin files. I’m not sure if you are aware of these or not. If you’d like to know the specifics, I can post them here, or send them to you privately if you’d like. Let me know.

    Thanks.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Sayontan Sinha

    (@sayontan)

    I just checked – I believe it is a non-issue. The file is auto-generated by Grunt while building the package files at my end, and it just so happens that my local versions of the said dependencies are not recent.

    Feel free to send the list to [email protected] and see what they come back with. If it is indeed called out as a vulnerability I will act accordingly.

    Geoffrey Shilling

    (@geoffreyshilling)

    Volunteer Moderator

    @cag8f Please never post potential security vulnerabilities on the forums or anywhere public. This ensures the right people make sure there is or is not a problem before it’s made public for others to try and exploit. Please see the information on reporting plugin security issues, which includes emailing the plugins team like the Sayontan mentioned.

    Thread Starter cag8f

    (@cag8f)

    OK thanks. We can consider this resolved.

    Plugin Author Sayontan Sinha

    (@sayontan)

    A quick update – harmless though it was, you will no longer find the file that was causing the warning. You should be good to go.

    Thread Starter cag8f

    (@cag8f)

    Sounds good–thanks for the update!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘GitHub: possible security vulnerabilities in plugin’ is closed to new replies.