| From: | Aditya Toshniwal <aditya(dot)toshniwal(at)enterprisedb(dot)com> |
|---|---|
| To: | pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org> |
| Subject: | [pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability |
| Date: | 2021-10-21 05:17:34 |
| Message-ID: | CAM9w-_mmBhft+S_s2d2Ji__gWAz-9oX7xefCJkUcE8N5h5H8tQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-hackers |
Hi Hackers,
As per safety audit vulnerability report id #40493 for flask-security-too:
*This is considered a low severity due to the fact that if Werkzeug is used
(which is very common with Flask applications) as the WSGI layer, it by
default ALWAYS ensures that the Location header is absolute - thus making
this attack vector mute.*
Attached patch will ignore this ID for the audit.
--
Thanks,
Aditya Toshniwal
pgAdmin Hacker | Software Architect | *edbpostgres.com*
<http://edbpostgres.com>
"Don't Complain about Heat, Plant a TREE"
| Attachment | Content-Type | Size |
|---|---|---|
| safety-40493.patch | application/octet-stream | 639 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Akshay Joshi | 2021-10-21 05:45:06 | pgAdmin 4 commit: Ensure that columns should be merged if the newly add |
| Previous Message | Akshay Joshi | 2021-10-20 13:09:49 | pgAdmin 4 commit: Fixed API test cases for PG 14 |