Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security issue #526

Closed
nvn1729 opened this issue Oct 2, 2020 · 4 comments
Closed

Security issue #526

nvn1729 opened this issue Oct 2, 2020 · 4 comments
Assignees

Comments

@nvn1729
Copy link

nvn1729 commented Oct 2, 2020

Hello, I have a security issue to report. Can you please provide a contact to report it to or instructions on how to report it? Thanks!

@juarezr
Copy link
Member

juarezr commented Oct 2, 2020

Hello @nvn1729 ,

Please send a message to my personal 1nb0x.

@nvn1729
Copy link
Author

nvn1729 commented Oct 3, 2020

Hi @juarezr message sent.

@juarezr
Copy link
Member

juarezr commented Oct 6, 2020

It's unlikely a security issue would be exploited because:

  • petl isn't directly exposed to end users. But apps and scrips using petl may be.
  • It's not common neither recommended running as root or as high priviledged user with apps using petl
  • Communication in petl uses cases are likely to be unidirecional, like from a local/remote source or from local data to remote. petl by itself doen't answer to remote requests.
  • ETL programs are not commonly exposed to remote calls.

@juarezr juarezr closed this as completed Oct 6, 2020
@juarezr
Copy link
Member

juarezr commented Nov 27, 2020

Related to #526 and #527.

Fixed in v1.6.8.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants