Reporting a vulnerability

[argusSecurityBot]

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security research to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

[rhanooman12]

Hello,

dbt Labs does not currently have "Private Vulnerability Reporting" enabled for this repository. However, dbt Labs does have a Vulnerability Disclosure Policy available at https://www.getdbt.com/disclosure.

If you believe you've found a security vulnerability in dbt Labs's service, it is of critical importance that you notify the Security Team. They will work with you to resolve the issue promptly.

Thank you

[github-actions]

This issue has been marked as Stale because it has been open for 180 days with no activity. If you would like the issue to remain open, please remove the stale label or comment on the issue, or it will be closed in 7 days.