If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our vulnerability reporting page or directly via email to [email protected]. Please do not create a public GitHub issue.
Security: data-dot-all/dataall
Security
SECURITY.md
-
data.all admin user may access potentially sensitive data stored by producers via logsGHSA-p2h8-r28g-5q6h published
Nov 9, 2024 by noah-paigeModerate -
data.all authenticated users can perform restricted operations against DataSets and EnvironmentsGHSA-676j-g6g5-chj9 published
Nov 9, 2024 by noah-paigeModerate -
data.all authenticated users can obtain incorrect object level authorizationsGHSA-hx8q-7wxv-6c7c published
Nov 9, 2024 by noah-paigeModerate -
data.all authenticated users can perform mutating update operations on persisted notification recordsGHSA-x4j5-jm65-vp5j published
Nov 9, 2024 by noah-paigeModerate -
data.all does not invalidate authentication token upon user logoutGHSA-p69m-h9rw-584v published
Nov 9, 2024 by noah-paigeModerate -
data.all vulnerable to RCE through user injection of Python CommandsGHSA-m922-chh7-8qcr published
Jun 28, 2023 by NickCorbettHigh
Learn more about advisories related to data-dot-all/dataall in the GitHub Advisory Database