Description
Hi - I'm writing from Ion Channel, a cybersecurity firm that monitors the software supply chain for U.S. critical infrastructure. In response to information on the escalating prevalence of software dependency attacks, and in an effort to preclude such an attack on a federal civilian agency infrastructure, we are reaching out to the development teams of publicly released federal software projects that have critical and high severity vulnerabilities, to make them aware of these findings and to encourage immediate remediation.
In the case of PrecisionFDA, there are two high and two critical vulnerabilities in the project. A screenshot is attached. For detailed findings, or to coordinate further, e-mail info@ionchannel.io. This is not a sales pitch - all findings will be delivered as open data.