Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Security issue #526

Closed
nvn1729 opened this issue Oct 2, 2020 · 4 comments
Closed

Security issue #526

nvn1729 opened this issue Oct 2, 2020 · 4 comments
Assignees
@juarezr @alimanfoo

Comments

@nvn1729
Copy link

nvn1729 commented Oct 2, 2020

Hello, I have a security issue to report. Can you please provide a contact to report it to or instructions on how to report it? Thanks!
@juarezr
Copy link
Member

juarezr commented Oct 2, 2020
edited
Loading

Hello @nvn1729 ,

Please send a message to my personal 1nb0x.

@nvn1729
Copy link
Author

nvn1729 commented Oct 3, 2020

Hi @juarezr message sent.

@juarezr
Copy link
Member

juarezr commented Oct 6, 2020

It's unlikely a security issue would be exploited because:

  • petl isn't directly exposed to end users. But apps and scrips using petl may be.
  • It's not common neither recommended running as root or as high priviledged user with apps using petl
  • Communication in petl uses cases are likely to be unidirecional, like from a local/remote source or from local data to remote. petl by itself doen't answer to remote requests.
  • ETL programs are not commonly exposed to remote calls.

@juarezr juarezr closed this as completed Oct 6, 2020
@juarezr
Copy link
Member

juarezr commented Nov 27, 2020

Related to #526 and #527.

Fixed in v1.6.8.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@juarezr juarezr

@alimanfoo alimanfoo

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nvn1729 @juarezr @alimanfoo