Re: [pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability - Mailing list pgadmin-hackers

From Akshay Joshi
Subject Re: [pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability
Date
Msg-id CANxoLDe5V4h0dcFXcg+sePaFAQGShkzui105BF=au8HwSbEd1g@mail.gmail.com
In response to [pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability  (Aditya Toshniwal <aditya.toshniwal@enterprisedb.com>)
List pgadmin-hackers
Thanks, the patch is applied.

On Thu, Oct 21, 2021 at 10:48 AM Aditya Toshniwal <aditya.toshniwal@enterprisedb.com> wrote:
Hi Hackers,

As per safety audit vulnerability report id #40493 for flask-security-too:
This is considered a low severity due to the fact that if Werkzeug is used (which is very common with Flask applications) as the WSGI layer, it by default ALWAYS ensures that the Location header is absolute - thus making this attack vector moot.

The attached patch will ignore this ID for the audit.


--
Thanks,
Aditya Toshniwal
pgAdmin Hacker | Software Architect | edbpostgres.com
"Don't Complain about Heat, Plant a TREE"


--
Thanks & Regards
Akshay Joshi
pgAdmin Hacker | Principal Software Architect
EDB Postgres
Mobile: +91 976-788-8246
