globusonline / globus-integration-examples

Documentation and code examples of using Globus Auth with various web sites and platforms

Django REST Framework example has a dated (vulnerable) version of `requests` #20

Closed sirosen closed 5 years ago

sirosen commented 5 years ago

Got a notification about this: `src/django-rest-framework/restapi/requirements.txt` has a pinned version of `requests`, which should maybe just be opened up to `requests<3.0`.

The vuln is CVE-2018-18074, which centers around HTTPS-to-HTTP redirection. Probably a complete non-issue, but "better safe..." and also gets the GitHub alertspam out of my inbox 😉

rpwagner commented 5 years ago

Thanks, @sirosen. I unpinned the version. That should be fine for this examples repo.
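Added example, not part of the thread above and not code from this repository or from `requests`: a sketch of the check an HTTP client needs before following a redirect, so that an `Authorization` header sent over HTTPS is not replayed over plain HTTP, which is the class of issue CVE-2018-18074 concerns. The function names and the `example.org` URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def should_strip_auth(old_url, new_url):
    """True if credentials must be dropped before following old_url -> new_url."""
    old_scheme, old_host, old_port = _origin(old_url)
    new_scheme, new_host, new_port = _origin(new_url)

    # A different host never receives the original credentials.
    if old_host != new_host:
        return True

    # Same host, http -> https on default ports: an upgrade, safe to keep.
    if (old_scheme, old_port) == ("http", 80) and (new_scheme, new_port) == ("https", 443):
        return False

    # Any other scheme or port change (including https -> http) strips auth.
    return (old_scheme, old_port) != (new_scheme, new_port)


def headers_for_redirect(headers, old_url, new_url):
    """Copy of headers that is safe to send to new_url after a redirect."""
    safe = dict(headers)
    if should_strip_auth(old_url, new_url):
        for name in list(safe):
            if name.lower() == "authorization":
                del safe[name]
    return safe


if __name__ == "__main__":
    # Constructed sample request: bearer token sent to an HTTPS endpoint.
    sent = {"Authorization": "Bearer constructed-token", "Accept": "application/json"}
    print(headers_for_redirect(sent, "https://api.example.org/v1", "http://api.example.org/v1"))
```
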