Re: [pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability

Поиск
Список
Период
Сортировка
От Akshay Joshi
Тема Re: [pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability
Дата
Msg-id CANxoLDe5V4h0dcFXcg+sePaFAQGShkzui105BF=au8HwSbEd1g@mail.gmail.com
обсуждение исходный текст
Ответ на [pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability  (Aditya Toshniwal <aditya.toshniwal@enterprisedb.com>)
Список pgadmin-hackers
Дерево обсуждения
Thanks, the patch applied.

On Thu, Oct 21, 2021 at 10:48 AM Aditya Toshniwal <aditya.toshniwal@enterprisedb.com> wrote:
Hi Hackers,

As per safety audit vulnerability report id #40493 for flask-security-too:
This is considered a low severity due to the fact that if Werkzeug is used (which is very common with Flask applications) as the WSGI layer, it by default ALWAYS ensures that the Location header is absolute - thus making this attack vector mute.

Attached patch will ignore this ID for the audit.


--
Thanks,
Aditya Toshniwal
pgAdmin Hacker | Software Architect | edbpostgres.com
"Don't Complain about Heat, Plant a TREE"


--
Thanks & Regards
Akshay Joshi
pgAdmin Hacker | Principal Software Architect
EDB Postgres
Mobile: +91 976-788-8246

В списке pgadmin-hackers по дате отправления:

Предыдущее
От: Akshay Joshi
Дата:
Сообщение: pgAdmin 4 commit: Ignore flask-security-too irrelevant vulnerability.
Следующее
От: Akshay Joshi
Дата:
Сообщение: Re: [pgAdmin][RM6780]: While inheriting table, if newly added column present in parent table then merge columns