From: Akshay Joshi <[email protected]>
To: Aditya Toshniwal <[email protected]>
Cc: pgadmin-hackers <[email protected]>
Subject: Re: [pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability
Date: Thu, 21 Oct 2021 11:15:35 +0530
Message-ID: <CANxoLDe5V4h0dcFXcg+sePaFAQGShkzui105BF=au8HwSbEd1g@mail.gmail.com> (raw)
In-Reply-To: <CAM9w-_mmBhft+S_s2d2Ji__gWAz-9oX7xefCJkUcE8N5h5H8tQ@mail.gmail.com>
References: <CAM9w-_mmBhft+S_s2d2Ji__gWAz-9oX7xefCJkUcE8N5h5H8tQ@mail.gmail.com>

Thanks, the patch applied.

On Thu, Oct 21, 2021 at 10:48 AM Aditya Toshniwal <[email protected]> wrote:

> Hi Hackers,
>
> As per safety audit vulnerability report id #40493 for flask-security-too:
> *This is considered a low severity due to the fact that if Werkzeug is
> used (which is very common with Flask applications) as the WSGI layer, it
> by default ALWAYS ensures that the Location header is absolute - thus
> making this attack vector mute.*
>
> Attached patch will ignore this ID for the audit.
>
>
> --
> Thanks,
> Aditya Toshniwal
> pgAdmin Hacker | Software Architect | *edbpostgres.com*
> <http://edbpostgres.com>
> "Don't Complain about Heat, Plant a TREE"
>


-- 
*Thanks & Regards*
*Akshay Joshi*
*pgAdmin Hacker | Principal Software Architect*
*EDB Postgres <http://edbpostgres.com>*

*Mobile: +91 976-788-8246*
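The mitigation the quoted report relies on, shown as an added example that is not pgAdmin's or Werkzeug's own code: a small WSGI middleware that resolves any relative Location header against the request's own scheme and host before the response leaves the server, so a redirect emitted by the application can only point back at that host. The stub application and the environ dictionary are constructed for the demonstration.

```python
from urllib.parse import urljoin, urlsplit

def is_absolute_url(value: str) -> bool:
    """True when a Location value carries both a scheme and a host."""
    parts = urlsplit(value)
    return bool(parts.scheme and parts.netloc)

def request_base_url(environ: dict) -> str:
    """Rebuild scheme://host/path for the current request from PEP 3333 keys."""
    scheme = environ.get("wsgi.url_scheme", "http")
    host = environ.get("HTTP_HOST") or environ["SERVER_NAME"]
    return f"{scheme}://{host}{environ.get('SCRIPT_NAME', '')}{environ.get('PATH_INFO', '/')}"

class AbsoluteLocationMiddleware:
    """Rewrite a relative Location header into an absolute URL on the request's own host."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched_start_response(status, headers, exc_info=None):
            fixed = []
            for name, value in headers:
                if name.lower() == "location" and not is_absolute_url(value):
                    # Same resolution a browser would do, but pinned to this request's host.
                    value = urljoin(request_base_url(environ), value)
                fixed.append((name, value))
            return start_response(status, fixed, exc_info)
        return self.app(environ, patched_start_response)

def _redirecting_app(environ, start_response):
    """Constructed stub app: emits the kind of relative redirect a login view sends."""
    start_response("302 Found", [("Location", "/login?next=%2Fbrowser%2F")])
    return [b""]

def run_redirect(environ: dict) -> dict:
    """Drive the wrapped stub app with a WSGI environ and return its response headers."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["headers"] = dict(headers)
    list(AbsoluteLocationMiddleware(_redirecting_app)(environ, start_response))
    return captured["headers"]

SAMPLE_ENVIRON = {  # constructed sample request, not a real deployment
    "wsgi.url_scheme": "https",
    "HTTP_HOST": "pgadmin.example.internal",
    "SCRIPT_NAME": "",
    "PATH_INFO": "/browser/",
}
```

Werkzeug provides this behaviour through Response.autocorrect_location_header, whose default changed to False in Werkzeug 2.1, so an audit exception justified by it should be revisited when Werkzeug is upgraded.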

