NOTE! Thanks for submitting a report! Please replace all the [square] sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report!
I would like to report [VULNERABILITY] in [MODULE] It allows [DESCRIBE THE IMPACT OF THE VULNERABILITY - E.G READ ARBITRARY FILES, READ DATA FROM DATABASE ETC]
module name: [MODULE NAME]
version: [MODULE VERSION]
npm page: https://www.npmjs.com/package/[MODULE NAME]
Copy description from npm page
Replace stats below with numbers from npm’s module page:
[X] weekly downloads
Description about how the vulnerability was found and how it can be exploited, how it harms package users (data modification/lost, system access, other.
Detailed steps to reproduce with all required references/steps/commands. If there is any exploit code or reference to the package source code this is the place where it should be put.
If you're able to provide a patch with the fix please post it in this section
State all technical information about the stack where the vulnerability was found
- [OPERATING SYSTEM VERSION]
- [NODEJS VERSION]
- [NPM VERSION]
- [BROWSERS VERSIONS, IF APPLICABLE]
- [OTHER SOFTWARE USED TO EXPLOIT VULNERABILITY AND THEIR VERSIONS, IF APPLICABLE]
Select Y or N for the following statements:
- I contacted the maintainer to let them know: [Y/N]
- I opened an issue in the related repository: [Y/N]
Hunter's comments and funny memes goes here