peteroupc/CBOR-Java

Does this repository have the same security issue as CBOR C#?

jimsch opened this issue · 2 comments

Does the same security issue exist here that is in the C# version for dealing with referenced objects while decoding?

Yes, the security issue applies to this repository just as it does to the C# repository. See the advisory I published.

Apparently, you might not have received automatic notifications from this repository, presumably because the way the advisory ought to reference the package and package ecosystem is incorrect (is "com.upokecenter/cbor" the correct name for this package? is "Central Repository" the correct name for the ecosystem? what about "Maven"?).