@phihag I wanted to follow up regarding the NIST vulnerability CVE-2020-14422 where the hash values are being improperly computed. This issue has a Mend severity score of 5.9.
I noticed that there's an open PR that addresses this issue and has been approved as well as another open issue asking about a fix for the same vulnerability (#63).
Given this repository's importance and the severity of the vulnerability, it would be greatly appreciated if the open PR could be merged #56. I understand that the repository has been inactive for some time, but merging this would mitigate the risk for the users that rely on it.
Thank you.