Dependabot Alert: Werkzeug safe_join not safe on Windows #371

JennaySDavis · 2024-10-28T15:02:18Z

On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable.

JennaySDavis · 2024-11-01T19:29:28Z

371 Acceptance Criteria

Pass/Fail	Description
Pass	Regression Testing on 889 Tool

Comments/Additional Notes
N/A

ADA Compliance (Automated scan via Chrome Lighthouse)

Criteria	Score
Performance	96 *
Accessibility	100
Best Practices	100
*Performance score is related to a third-party Google Analytics cookie and cloud.gov = false positive

Passed 11/01/2024 - JSD

johnbeallgsa · 2024-11-15T12:47:37Z

Thanks for explaining during Demo. Moving to Done.

JennaySDavis added Dependabot Alert Sprint 43 labels Oct 28, 2024

john-labbate self-assigned this Oct 31, 2024

JennaySDavis assigned johnbeallgsa and unassigned john-labbate Nov 1, 2024

felder101 mentioned this issue Nov 13, 2024

Production Release #379

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dependabot Alert: Werkzeug safe_join not safe on Windows #371

Dependabot Alert: Werkzeug safe_join not safe on Windows #371

JennaySDavis commented Oct 28, 2024 •

edited

Loading

JennaySDavis commented Nov 1, 2024 •

edited

Loading

johnbeallgsa commented Nov 15, 2024

Dependabot Alert: Werkzeug safe_join not safe on Windows #371

Dependabot Alert: Werkzeug safe_join not safe on Windows #371

Comments

JennaySDavis commented Oct 28, 2024 • edited Loading

JennaySDavis commented Nov 1, 2024 • edited Loading

johnbeallgsa commented Nov 15, 2024

JennaySDavis commented Oct 28, 2024 •

edited

Loading

JennaySDavis commented Nov 1, 2024 •

edited

Loading