mxnet icon indicating copy to clipboard operation
mxnet copied to clipboard

Published 20 hours ago verified publisher icon apache

[BUGFIX] - Resources Downloaded over Insecure Protocol

Open b1nslashsh opened this issue 4 years ago • 3 comments

Description

This package is vulnerable to MITM or Man-In-The-Middle attack due to a downloading resources through insecure protocols. It is possible for an attacker to intercept and alter the packages which may leads to RCE other attacks which may help the attacker gain access to host

Checklist

Essentials

  • [x] PR's title starts with a category (e.g. [BUGFIX], [MODEL], [TUTORIAL], [FEATURE], [DOC], etc)
  • [x] Changes are complete (i.e. I finished coding on this PR)
  • [x] All changes have test coverage
  • [x] Code is well-documented

Changes

Just protocol changed to https and the resource is available in https. in line https://github.com/apache/incubator-mxnet/blob/master/example/rnn/bucket_R/data_preprocessing_seq_to_one.R#L20

Comments

By switching to HTTPS that issue can be resolved.

b1nslashsh avatar Oct 08 '20 06:10 b1nslashsh

Hey @b1nslashsh , Thanks for submitting the PR All tests are already queued to run once. If tests fail, you can trigger one or more tests again with the following commands:

  • To trigger all jobs: @mxnet-bot run ci [all]
  • To trigger specific jobs: @mxnet-bot run ci [job1, job2]

CI supported jobs: [unix-gpu, edge, windows-cpu, unix-cpu, sanity, website, miscellaneous, clang, centos-gpu, centos-cpu, windows-gpu]

Note: Only following 3 categories can trigger CI :PR Author, MXNet Committer, Jenkins Admin. All CI tests must pass before the PR can be merged.

mxnet-bot avatar Oct 08 '20 06:10 mxnet-bot

@mxnet-bot run ci [unix-gpu, windows-gpu]

leezu avatar Oct 08 '20 17:10 leezu

Jenkins CI successfully triggered : [unix-gpu, windows-gpu]

mxnet-bot avatar Oct 08 '20 17:10 mxnet-bot