nodejs / security-wg

Node.js Ecosystem Security Working Group

Security Vulnerability to report

4xpl0r3r opened this issue · comments

Hello Nodejs @RafaelGSS and nodejs security-wg,

I have located a security vulnerability to report which could lead to complete compromise. But I have submitted 4 reports to you: 2 informational but with inconsistent handling, 1 valid but duplicated, and 1 triaged valid. As a new user of HackerOne, I'm not able to deliver more research reports to you. To deliver my new reports with PoC completed, can you consider temporarily disabling your "Signal Requirement"? Since my reports haven't been resolved, my signal is still "underdetermined".

I know this is an unreasonable request, but what I'm doing is just to deliver a security vulnerability to you ASAP. I believe it's important to both you and me.

Threat Actors, please don't contact me; I won't respond to you.

@4xpl0r3r I'm afraid that won't be possible. We are always targeted by spam and it makes the maintenance of Node.js H1 hard. Feel free to have a direct conversation with me through the OpenJS Foundation Slack https://openjsf.org/collaboration.