<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
@font-face
{font-family:"Lucida Bright";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Aptos",sans-serif;
mso-ligatures:standardcontextual;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}
p.signature365-dc9b8kja, li.signature365-dc9b8kja, div.signature365-dc9b8kja
{mso-style-name:signature365-dc9b8kja;
mso-style-priority:99;
margin:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;
color:black;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-GB" link="#467886" vlink="#96607D" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Dear QGIS team,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I hope this email finds you well.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Our vulnerability scan detected a vulnerability in the Python libraries in QGIS 3.4.0.2.<o:p></o:p></p>
<p class="MsoNormal">The report states:<o:p></o:p></p>
<p class="MsoNormal">“The version of the Pandas library installed on the remote host has an unpatched exposure. It is, therefore, affected by a code injection vulnerability in the pandas.DataFrame.query function. The function is intended to allow querying the columns of a DataFrame using a boolean expression. A malicious attacker can construct a malicious query to bypass input validation mechanisms and trigger a code injection vulnerability which can lead to command execution if the code passes untrusted input into self.eval().”<o:p></o:p></p>
<p class="MsoNormal">The library is stored in this directory: C:\Program Files\QGIS 3.40.2\apps\Python312\Lib.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Could you please advise as to whether this is a false positive or a known issue?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thank you.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Kind regards,<o:p></o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<div id="signature-365-signature">
<div>
<p class="signature365-dc9b8kja"><span style="font-family:"Lucida Bright",serif;color:white;background:black">Matteo Cassio</span><br>
<span style="font-size:9.0pt;font-family:"Arial",sans-serif">Senior IT Systems Engineer<br>
<a href="mailto:MCassio@brydenwood.co.uk">MCassio@brydenwood.co.uk</a><br>
+44 (0)20 7253 4772<br>
101 Euston Road<br>
London<br>
NW1 2RA</span><o:p></o:p></p>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">
<hr size="6" width="100%" noshade="" style="color:black" align="center">
</span></div>
<p class="signature365-dc9b8kja"><span style="font-size:8.0pt;font-family:"Arial",sans-serif">Registered Company Address<br>
Plurenden Manor Farm,<br>
Plurenden Lane,<br>
High Halden,<br>
Kent, TN26 3JW<br>
<br>
Bryden Wood<br>
Technology Limited<br>
Registered Company<br>
No 05750083<br>
VAT Registered 876 8921 58<o:p></o:p></span></p>
</div>
</div>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><o:p> </o:p></p>
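<p class="MsoNormal">Added example, not from this email, QGIS or pandas: the risky pattern the scanner text describes (user input spliced into the text of a DataFrame.query expression) next to a hardened wrapper that allow-lists the column and operator and hands the value over as the local variable @v through local_dict, so it is bound as data rather than evaluated as code. The column allow-list and sample column names are constructed for the example.</p>

```python
"""Unsafe vs. hardened construction of a pandas DataFrame.query expression.

Added example; not code from QGIS, pandas or the email above.
"""

# Constructed allow-lists for the example: the only columns and comparison
# operators a caller may use in a filter.
ALLOWED_COLUMNS = {"category", "area", "height"}
ALLOWED_OPERATORS = {"==", "!=", "<", "<=", ">", ">="}


def unsafe_expr(column: str, operator: str, value: str) -> str:
    """Risky pattern: every argument becomes part of the expression text, so
    untrusted input is parsed and evaluated by query()/eval() as code."""
    return f"{column} {operator} {value}"


def build_safe_filter(column: str, operator: str, value):
    """Return (expr, local_dict) for df.query(expr, local_dict=local_dict).

    Column and operator must come from the allow-lists; the value never
    enters the expression string. It is exposed only as the @v reference,
    which the pandas expression evaluator binds to a plain Python object.
    """
    if column not in ALLOWED_COLUMNS:
        raise ValueError(f"column not allowed: {column!r}")
    if operator not in ALLOWED_OPERATORS:
        raise ValueError(f"operator not allowed: {operator!r}")
    return f"{column} {operator} @v", {"v": value}


def filter_frame(df, column: str, operator: str, value):
    """Apply the hardened filter to a pandas DataFrame.

    pandas is only needed here (by the caller's df), so the validation above
    can be exercised without pandas installed.
    """
    expr, local_dict = build_safe_filter(column, operator, value)
    return df.query(expr, local_dict=local_dict)


if __name__ == "__main__":
    print(unsafe_expr("area", ">", "10"))        # text that query() evaluates
    print(build_safe_filter("area", ">", 10))    # ('area > @v', {'v': 10})
    # A value that is not a number stays a string object bound to @v; it is
    # never spliced into the expression text.
    print(build_safe_filter("area", ">", "10 or True"))
    try:
        build_safe_filter("geometry", ">", 10)   # column outside the allow-list
    except ValueError as exc:
        print("rejected:", exc)
```

Whether the scanner finding matters for a given deployment depends on whether any plugin or script passes untrusted input into query()/eval() at all; the wrapper above is the shape such code should take.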
</div>
</body>
</html>