Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Where to disclose vulnerabilities #2269

Open
CarthageKing opened this issue Feb 15, 2023 · 3 comments
Open

Where to disclose vulnerabilities #2269

CarthageKing opened this issue Feb 15, 2023 · 3 comments

Comments

@CarthageKing
Copy link

Hi - what is the process to report security vulnerabilities for OpenTSDB? These are mainly vulnerabilities identified by Prisma scan.

Is there a secure email or mailing list we can use? Or can we just log it here as an issue?
@johann8384
Copy link
Member

You can log an issue or email me and I can take a look for you.

@manolama
Copy link
Member

And my emails in the commits should be up-to-date.

manolama added a commit to manolama/opentsdb that referenced this issue Apr 11, 2023
@manolama
Fix for OpenTSDB#2269 and OpenTSDB#2267 XSS vulnerability.
d5d41d6 
Escaping the user supplied input when outputing the HTML for the old BadRequest
HTML handlers should help. Thanks to the reporters.
Fixes CVE-2018-13003.
manolama added a commit to manolama/opentsdb that referenced this issue Apr 11, 2023
@manolama
Fix for OpenTSDB#2269 and OpenTSDB#2267 XSS vulnerability.
1c8c855 
Escaping the user supplied input when outputing the HTML for the old BadRequest
HTML handlers should help. Thanks to the reporters.
Fixes CVE-2018-13003.
manolama added a commit to manolama/opentsdb that referenced this issue Apr 11, 2023
@manolama
Fix for OpenTSDB#2269 and OpenTSDB#2267 XSS vulnerability.
50d1724 
Escaping the user supplied input when outputing the HTML for the old BadRequest
HTML handlers should help. Thanks to the reporters.
Fixes CVE-2018-13003.
manolama added a commit to manolama/opentsdb that referenced this issue Apr 11, 2023
@manolama
Fix for OpenTSDB#2269 and OpenTSDB#2267 XSS vulnerability.
ff02c1e 
Escaping the user supplied input when outputing the HTML for the old BadRequest
HTML handlers should help. Thanks to the reporters.
Fixes CVE-2018-13003.
manolama added a commit that referenced this issue Apr 11, 2023
@manolama
Fix for #2269 and #2267 XSS vulnerability.
fa88d3e 
Escaping the user supplied input when outputing the HTML for the old BadRequest
HTML handlers should help. Thanks to the reporters.
Fixes CVE-2018-13003.
@BharathSAi5397
Copy link

You can log an issue or email me and I can take a look for you.

the guava package needs to be updated to 32.0.0 to resolve some of the vulnerabilities can you guide me how to resolve them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@johann8384 @manolama @CarthageKing @BharathSAi5397