[CKAN-Security] CKAN Security issue

Mohamed Hatab hatab at master-works.net
Thu Mar 21 08:59:00 UTC 2019


Dears appreciate you fast response its urgent.

 




Best Regards,,, 


Mohamed Hatab 


Software Development Manager





 <http://+966505232233/> +966559495262

 

 




 <tel:+966%2011%20400%200014> +966114000014

 

 





 <tel:+966%2011%20400%200041> +966114000041

 

 




hatab at master-works.net <mailto:your%20eMail at master-works.net> 

 

 




 <http://www.master-works.net/> www.master-works.net

 

 



 
<https://www.google.com.sa/maps/place/Master+Works/@24.7586655,46.7122324,17
z/data=!3m1!4b1!4m5!3m4!1s0x3e2efd8756f74c0d:0x2274ad319a955081!8m2!3d24.758
6606!4d46.7144211?hl=en> Riyadh, Saudi Arabia

 


 <https://www.linkedin.com/in/hatab/> 



 

 

From: Mohamed Hatab [mailto:hatab at master-works.net] 
Sent: Tuesday, March 19, 2019 2:35 PM
To: 'security at ckan.org' <security at ckan.org>
Subject: CKAN Security issue

 

Dear Team

Hope you are doing well

We have received the security report for the ckan and we got one critical
issue as below.

 


Issue

Severity

Note


Python pickle serialization

Critical

The pickle module is not intended to be secure against erroneous or
maliciously constructed data. Never unpickle data received from an untrusted
or unauthenticated source

 

Could you explain or share any references that prove there is no any
security issues or risks or is there any other alternative solutions?

 




Best Regards,,, 


Mohamed Hatab 


Software Development Manager





 <http://+966505232233/> +966559495262

 

 




 <tel:+966%2011%20400%200014> +966114000014

 

 





 <tel:+966%2011%20400%200041> +966114000041

 

 




hatab at master-works.net <mailto:your%20eMail at master-works.net> 

 

 




 <http://www.master-works.net/> www.master-works.net

 

 



 
<https://www.google.com.sa/maps/place/Master+Works/@24.7586655,46.7122324,17
z/data=!3m1!4b1!4m5!3m4!1s0x3e2efd8756f74c0d:0x2274ad319a955081!8m2!3d24.758
6606!4d46.7144211?hl=en> Riyadh, Saudi Arabia

 


 <https://www.linkedin.com/in/hatab/> 



 

 



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.okfn.org/mailman/private/security/attachments/20190321/48d12e42/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 243 bytes
Desc: not available
URL: <https://lists.okfn.org/mailman/private/security/attachments/20190321/48d12e42/attachment-0008.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 360 bytes
Desc: not available
URL: <https://lists.okfn.org/mailman/private/security/attachments/20190321/48d12e42/attachment-0009.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 299 bytes
Desc: not available
URL: <https://lists.okfn.org/mailman/private/security/attachments/20190321/48d12e42/attachment-0010.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 312 bytes
Desc: not available
URL: <https://lists.okfn.org/mailman/private/security/attachments/20190321/48d12e42/attachment-0011.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 467 bytes
Desc: not available
URL: <https://lists.okfn.org/mailman/private/security/attachments/20190321/48d12e42/attachment-0012.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.png
Type: image/png
Size: 350 bytes
Desc: not available
URL: <https://lists.okfn.org/mailman/private/security/attachments/20190321/48d12e42/attachment-0013.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image007.png
Type: image/png
Size: 600 bytes
Desc: not available
URL: <https://lists.okfn.org/mailman/private/security/attachments/20190321/48d12e42/attachment-0014.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image008.png
Type: image/png
Size: 25092 bytes
Desc: not available
URL: <https://lists.okfn.org/mailman/private/security/attachments/20190321/48d12e42/attachment-0015.png>


More information about the Security mailing list