Comment by halifaxbeard
1 day ago
Any plans to issue a CVE for this HTTP request smuggling attack vector fixed in the latest bun release?
https://github.com/oven-sh/bun/security
Surprisingly, they appear to have not disclosed any vulnerabilities whatsoever. It's likely there have been numerous vulnerabilities in the past, but they are all being ignored.
https://x.com/DavidSherret/status/2031432509301428644
This is really poor form given that Anthropic is going around getting all kinds of public goodwill for finding CVEs in other people’s products.
Yeah! Why would the company that stands to make themselves look better in front of an IPO do such a thing?! Next thing you're going to tell me is that this whole rewrite was another marketing ploy to help potentially turn themselves into multi-millionaires!
maybe you should ask on the issue directly?