Thread: [pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability

[pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability

From

Aditya Toshniwal

Date:

21 October 2021, 08:17:34

Hi Hackers,

As per safety audit vulnerability report id #40493 for flask-security-too:
This is considered a low severity due to the fact that if Werkzeug is used (which is very common with Flask applications) as the WSGI layer, it by default ALWAYS ensures that the Location header is absolute - thus making this attack vector mute.

Attached patch will ignore this ID for the audit.

Thanks,

Aditya Toshniwal

pgAdmin Hacker | Software Architect | edbpostgres.com

"Don't Complain about Heat, Plant a TREE"

Attachment

safety-40493.patch

Re: [pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability

From

Akshay Joshi

Date:

21 October 2021, 08:45:35

Thanks, the patch applied.

On Thu, Oct 21, 2021 at 10:48 AM Aditya Toshniwal <aditya.toshniwal@enterprisedb.com> wrote:

Hi Hackers,

As per safety audit vulnerability report id #40493 for flask-security-too:
This is considered a low severity due to the fact that if Werkzeug is used (which is very common with Flask applications) as the WSGI layer, it by default ALWAYS ensures that the Location header is absolute - thus making this attack vector mute.

Attached patch will ignore this ID for the audit.

--
Thanks,
Aditya Toshniwal
pgAdmin Hacker | Software Architect | edbpostgres.com
"Don't Complain about Heat, Plant a TREE"

Thanks & Regards

Akshay Joshi

pgAdmin Hacker | Principal Software Architect

EDB Postgres

Mobile: +91 976-788-8246