Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please Open a Security Advisory #954

Closed
JLLeitschuh opened this issue Jan 24, 2021 · 4 comments · Fixed by #969
Closed

Please Open a Security Advisory #954

JLLeitschuh opened this issue Jan 24, 2021 · 4 comments · Fixed by #969

Comments

@JLLeitschuh
Copy link

Hello,

I'm an independent security researcher performing security research under the GitHub Security Lab Bug Bounty Program. I believe I may have found a security vulnerability in this project.

Please open a security advisory against this repository so we can privately discuss the details. This advisory can be opened by a user with admin permissions on this repository.

https://github.com/google/data-transfer-project/security/advisories
@seehamrun
Copy link
Member

Hiya! thanks we've received this report internally and are working on a fix!

@JLLeitschuh
Copy link
Author

Hi,
How can I best track this to completion?

@seehamrun
Copy link
Member

Hey! Sorry for the miscommunication, this is being tracked as a regular issue since the code is self contained - we'll be working on it when we get open cycles

I've opened up #968 to track this - lmk if you still have any questions!

@JLLeitschuh
Copy link
Author

JLLeitschuh commented Apr 7, 2021
edited

What's the plan for CVE issuance on this vulnerability?

@seehamrun seehamrun linked a pull request Apr 8, 2021 that will close this issue
Switch to using Files.createTempFile #969
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Switch to using Files.createTempFile google/data-transfer-project
2 participants
@JLLeitschuh @seehamrun