Database false positive: Gunicorn request smuggling vulnerability

Hi,

Version 19.10 is being incorrectly flagged as insecure. How would I approach fixing this? I'm happy to patch the DB myself, but it looks like it is auto-generated by a bot, so if I made the change, would the bot undo it from wherever it gets its sources?

Discussed in both Airflow and Gunicorn, and confirmed that 19.10 was patched:

https://github.com/apache/airflow/issues/15570

https://github.com/benoitc/gunicorn/issues/2572

The CVE also states that 19.10.0 and 20.0.1 both have the fix:

https://snyk.io/vuln/SNYK-PYTHON-GUNICORN-541164

Database: https://github.com/pyupio/safety-db/blob/master/data/insecure_full.json#L8507

Id: pyup.io-40105

pyupio/safety-db

Answer by harlekeyn

Yes, you are correct. Thanks for letting us know. We have updated our database. Note that this will not reflect in our free database until June 1st, 2021.
