Ali Razmjoo

icon indicating a website link https://www.secologist.com/

icon company @owasp, @zdresearch, @SECOLOGIST icon location Stockholm icon location @OWASP Chapter/Project Leader

Results 47 issues of Ali Razmjoo

[Snyk] Security upgrade python from 3.11.9-slim to 3.13.0b4-slim

![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 3 vulnerabilities in the dockerfile dependencies of this project. Keeping your Docker base image up-to-date means you’ll benefit from security fixes...

compatibility issue

[Snyk] Security upgrade python from 3.11.9-slim to 3.13.0b4-slim

![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 5 vulnerabilities in the dockerfile dependencies of this project. Keeping your Docker base image up-to-date means you’ll benefit from security fixes...

compatibility issue

[Snyk] Security upgrade python from 3.11.9-slim to 3.13.0b3-slim

This PR was automatically created by Snyk using the credentials of a real user.![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 5 vulnerabilities in the dockerfile dependencies of this...

[Snyk] Security upgrade python from 3.11.9-slim to 3.13.0b2-slim

This PR was automatically created by Snyk using the credentials of a real user.![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 4 vulnerabilities in the dockerfile dependencies of this...

compatibility issue

[Snyk] Security upgrade python from 3.11.9-slim to 3.13.0rc1-slim

![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 4 vulnerabilities in the dockerfile dependencies of this project. Keeping your Docker base image up-to-date means you’ll benefit from security fixes...

compatibility issue

Unsafe shell command constructed from library input in `luigi/contrib/lsf.py`

Hi, I am reporting a potential security issue with an unsafe shell command constructed from library input in https://github.com/spotify/luigi/blob/master/luigi/contrib/lsf.py#L84-L88 I am unsure if the command line is affected by user...

Overly permissive file permissions in `luigi/lock.py`

Hi, I am reporting a potential security with overly permissive file permissions in https://github.com/spotify/luigi/blob/master/luigi/lock.py#L103 When creating a file, POSIX systems allow permissions to be specified for the owner, group, and...

Arbitrary file write during tarfile extraction in `luigi/contrib/lsf_runner.py`

Hi, I am reporting a potential security issue with arbitrary file write during tarfile extraction in https://github.com/spotify/luigi/blob/master/luigi/contrib/lsf_runner.py#L55-L58 Extracting files from a malicious tar archive without validating that the destination file...

Arbitrary file write during tarfile extraction in `luigi/contrib/sge_runner.py`

Hi, I am reporting a potential security issue with arbitrary file write during tarfile extraction in https://github.com/spotify/luigi/blob/master/luigi/contrib/sge_runner.py#L67-L70 Extracting files from a malicious tar archive without validating that the destination file...

Clear-text Logging of Sensitive Information in `luigi/contrib/pai.py`

Hi, I am reporting a potential security issue has been identified in the file `luigi/contrib/pai.py`. https://github.com/spotify/luigi/blob/9e0898e5ba31cb15e659c7e90d7db08ea1131f40/luigi/contrib/pai.py#L240-L242 The code snippet logs sensitive information, specifically the username and password, in clear text....