Imagine the headline if a slop security report ends up real but the maintainer ignored it.
It’s a lose-lose situation for the maintainers
Imagine the headline if a slop security report ends up real but the maintainer ignored it.
It’s a lose-lose situation for the maintainers
Thankfully in this case it's a curl vulnerability that doesn't use curl in the reproducer. That's a fairly safe call.