Coveralls is vulnerable

TimothyGu opened this issue 9 years ago · comments

Timothy Gu commented 9 years ago

The private repo token is exposed: https://github.com/davidbau/seedrandom/blob/master/.coveralls.yml#L1

Proof of concept: https://coveralls.io/builds/1838552

David Bau commented 9 years ago

Fixed in db8f7c5.