Replit · @Replit/Crosis · CVE-2022-21671
**Name of the Vulnerable Software and Affected Versions**
@replit/crosis versions prior to 7.3.1
**Description**
This is a sensitive-information exposure vulnerability. When the library is used to communicate with Replit in a standalone fashion and multiple attempts to contact Replit through a WebSocket fail, the library falls back to a poll-based proxy. The URL of that proxy has changed, so any communication sent to the previous URL could potentially reach a server that is outside of Replit's control. An attacker could then obtain the token used to connect to the Repl, leading to full compromise of that Repl.
**Recommendations**
For versions prior to 7.3.1, update to version 7.3.1 or later.
As a temporary workaround, specify the new address for the polling host (`gp-v2.replit.com`) in the `ConnectArgs`.
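
To find installs that still need the update recommended above, the following added example (not from the advisory or the Crosis project) scans a parsed npm `package-lock.json` for `@replit/crosis` versions prior to 7.3.1, including copies nested under other dependencies. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: find @replit/crosis installs older than 7.3.1 in an npm lockfile.
const PKG = '@replit/crosis';
const FIXED = [7, 3, 1]; // first fixed version per the advisory

// True when `version` sorts before 7.3.1; a prerelease of 7.3.1 counts as before.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return true; // not a plain version (git URL, link): report for manual review
  const v = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  return Boolean(m[4]);
}

// Accepts a parsed package-lock.json. Handles the flat "packages" map
// (lockfileVersion 2 and 3) and the nested "dependencies" tree (lockfileVersion 1).
function findAffected(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, info] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/' + PKG) && isAffected(info.version)) {
        hits.push({ where: path, version: info.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === PKG && isAffected(info.version)) {
        hits.push({ where: here.join(' > '), version: info.version });
      }
      walk(info.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile: one affected top-level copy, one fixed nested copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@replit/crosis': { version: '7.2.0' },
    'node_modules/tool/node_modules/@replit/crosis': { version: '7.3.1' },
  },
};
console.log(findAffected(sampleLock));
```

For a real project, pass the result of `JSON.parse` on the contents of `package-lock.json` to `findAffected`; an empty array means no copy prior to 7.3.1 is locked.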