Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Where can I report security vulnerability? #1101

Closed
orangetw opened this issue Jan 14, 2018 · 3 comments
Closed

Where can I report security vulnerability? #1101

orangetw opened this issue Jan 14, 2018 · 3 comments
Milestone
0.7.5

Comments

@orangetw
Copy link

Hi, I found a potential vulnerability in the latest version of Eve.
Is there any security related email I can send my report?

Thanks :)
@nicolaiarocci
Copy link
Member

please send an email to eve@nicolaiarocci.com, thanks.

@orangetw
Copy link
Author

I have sent, please check the inbox.

@orangetw
Copy link
Author

io/mongo/parser.py in Eve (aka pyeve) allows remote attackers to execute arbitrary code via Code Injection in the where parameter.

This bug has been fixed in version 0.7.5!

@nicolaiarocci nicolaiarocci added this to the 0.7.5 milestone Mar 14, 2018
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.7.5
Development

No branches or pull requests
2 participants
@nicolaiarocci @orangetw