Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[GHSA-3mwc-2cj7-gx8c] lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management #5009

Open
wants to merge 1 commit into
base: vincelwt/advisory-improvement-5009
Choose a base branch
from

Conversation

vincelwt
Copy link

Updates

  • Affected products
  • CVSS v3
  • Severity

Comments
The NPM package is not tied to this repo. This vulnerability concerns the main repo, not the NPM compagnon package.

@github-actions github-actions bot changed the base branch from main to vincelwt/advisory-improvement-5009 November 15, 2024 05:01
@darakian
Copy link
Contributor

Hey there 👋
Can you help me understand why the npm package is not affected? I see that there's no repo linked on the npm page
https://www.npmjs.com/package/lunary
Do you know where the code for the package originates and how I might validate that?

Same question on #5008 as well :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants