Found potential security vulnerability but got no response

[vovikhangcdv]

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the issue has not already been raised

Issue

Hi there,

I have found a potentially high-security issue in mongoose. I had tried to connect Tidelift's and also through maintainers email but got no response too. I don't create a full disclosure issue there cause it could affect the users. So please get in touch with me through email doublevkay@gmail.com or just access the report on https://huntr.dev/bounties/055be524-9296-4b2f-b68d-6d5b810d1ddd/ (only private accessible by maintainers).

Thank you.

[vovikhangcdv]

Hi there, any update?

[Uzlopak]

Ok, as a collaborator i have access to it. I actually thought that this type of attack vector will be reported. I myself reported like 4 reports like this to other projects last week.

I will have a thought on this on how we can patch this.

[vovikhangcdv]

Thanks for your response @Uzlopak,
If there are any things you need to clarify, I would be glad to help.

[vkarpov15]

Hi, I'm sorry for the delay, I missed this email. I'll discuss the issue in huntr.