Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[GHSA-m7xq-9374-9rvx] Mongoose search injection vulnerability #5103

Closed

Conversation

katzj
Copy link

@katzj katzj commented Dec 19, 2024

Updates

  • Reporter

Comments
Can you add Phùng Siêu Đạt as the reporter? This was originally reported to Tidelift as the security disclosure contact for mongoose but MITRE dropped the reporter when the CVE was created.

@github-actions github-actions bot changed the base branch from main to katzj/advisory-improvement-5103 December 19, 2024 22:27
@JonathanLEvans
Copy link

Hey @katzj, this CVE didn't originate on GitHub and we don't manage reporter credits for non-GitHub CVEs. You'll need to reach out to MITRE to get Phùng Siêu Đạt added as the reporter for the CVE. Sorry.

@github-actions github-actions bot deleted the katzj-GHSA-m7xq-9374-9rvx branch December 20, 2024 20:50
@katzj
Copy link
Author

katzj commented Dec 23, 2024

Where are the credits coming that are being shown on the GHSA from then? MITRE also said they don't do reporter credits anymore and there aren't any listed on the NVD site

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants