Multiple security issues #1

Open
gquere opened this issue Jun 1, 2023 · 1 comment

Comments

gquere commented Jun 1, 2023

This software is riddled with vulnerabilities and shouldn't be used anywhere:

  • no authentication
  • leaks credentials of remote or local db in editDb
  • remote code execution in doNewRun

Please add a warning in README or fix these issues.

Contributor

ng-pe commented Jun 12, 2023

Hello,

This project is used in isolated environments for migration purposes in alpha development status.

What you point out is indeed problematic when used in an "open" environment: this project is generally used in a closed environment as part of a migration project.

As far as good practices for reporting security problems are concerned, it's best to do so privately, to give the developer time to correct the problem before publication.

We are currently considering the next steps in the project. We're probably going to archive it and stop development. Indeed, our migration team is moving to another methodology and project.

As this is an open-source project, don't hesitate to contribute with a PR to correct the reported problem ;).

Best regards,
