ewels / Labrador

A web based tool to manage and automate the processing of publicly available datasets.
https://www.bioinformatics.babraham.ac.uk/projects/labrador/
GNU General Public License v3.0

A lot of Security Issues #26

Closed agrawalsmart7 closed 2 years ago

agrawalsmart7 commented 2 years ago

Hi, I have seen a lot of security issues in the code. The issues include SQL Injection, SSRF, XSS.

It would be great if you could add security measures to that code.

ewels commented 2 years ago

Hi @agrawalsmart7,

I'm afraid that Labrador is no longer an actively maintained project (the last release was in 2014). I agree that it has plenty of security issues, but I'm afraid that I don't have the time to do anything about it.

Note that Labrador was designed to only ever run on internal networks (without incoming connections). That's not a reason to not design with security in mind, but still.

Phil

agrawalsmart7 commented 2 years ago

Thanks! I am experimenting with my tool by scanning the source code, and that tool reported vulnerabilities to me, so I just quickly created an issue without looking at the activeness.

ewels commented 2 years ago

No worries! Thanks :)