Home > mailing lists

[pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability - Mailing list pgadmin-hackers

From	Aditya Toshniwal
Subject	[pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability
Date	October 21, 2021 08:17:34
Msg-id	CAM9w-_mmBhft+S_s2d2Ji__gWAz-9oX7xefCJkUcE8N5h5H8tQ@mail.gmail.com Whole thread Raw
Responses	Re: [pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability (Akshay Joshi <akshay.joshi@enterprisedb.com>)
List	pgadmin-hackers

Tree view

Hi Hackers,

As per safety audit vulnerability report id #40493 for flask-security-too:
This is considered a low severity due to the fact that if Werkzeug is used (which is very common with Flask applications) as the WSGI layer, it by default ALWAYS ensures that the Location header is absolute - thus making this attack vector mute.

Attached patch will ignore this ID for the audit.

Thanks,

Aditya Toshniwal

pgAdmin Hacker | Software Architect | edbpostgres.com

"Don't Complain about Heat, Plant a TREE"

Attachment

safety-40493.patch

pgadmin-hackers by date:

From: Akshay Joshi
Date: 20 October 2021, 16:09:49
Subject: pgAdmin 4 commit: Fixed API test cases for PG 14

From: Akshay Joshi
Date: 21 October 2021, 08:45:06
Subject: pgAdmin 4 commit: Ensure that columns should be merged if the newly add

[pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability - Mailing list pgadmin-hackers

Attachment

Previous

Next