Обсуждение: [pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability

Поиск
Список
Период
Сортировка

[pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability

От
Aditya Toshniwal
Дата:
Hi Hackers,

As per safety audit vulnerability report id #40493 for flask-security-too:
This is considered a low severity due to the fact that if Werkzeug is used (which is very common with Flask applications) as the WSGI layer, it by default ALWAYS ensures that the Location header is absolute - thus making this attack vector mute.

Attached patch will ignore this ID for the audit.


--
Thanks,
Aditya Toshniwal
pgAdmin Hacker | Software Architect | edbpostgres.com
"Don't Complain about Heat, Plant a TREE"
Вложения

Re: [pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability

От
Akshay Joshi
Дата:
Thanks, the patch applied.

On Thu, Oct 21, 2021 at 10:48 AM Aditya Toshniwal <aditya.toshniwal@enterprisedb.com> wrote:
Hi Hackers,

As per safety audit vulnerability report id #40493 for flask-security-too:
This is considered a low severity due to the fact that if Werkzeug is used (which is very common with Flask applications) as the WSGI layer, it by default ALWAYS ensures that the Location header is absolute - thus making this attack vector mute.

Attached patch will ignore this ID for the audit.


--
Thanks,
Aditya Toshniwal
pgAdmin Hacker | Software Architect | edbpostgres.com
"Don't Complain about Heat, Plant a TREE"


--
Thanks & Regards
Akshay Joshi
pgAdmin Hacker | Principal Software Architect
EDB Postgres
Mobile: +91 976-788-8246