Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabot Alert: Request smuggling leading to endpoint restriction bypass in Gunicorn #218

Open
JennaySDavis opened this issue Apr 18, 2024 · 2 comments
Open

Dependabot Alert: Request smuggling leading to endpoint restriction bypass in Gunicorn #218

JennaySDavis opened this issue Apr 18, 2024 · 2 comments
Assignees
@johnbeallgsa
Labels
Sprint 29 Tech Task

Comments

@JennaySDavis
Copy link

JennaySDavis commented Apr 18, 2024
edited

https://github.com/GSA/889-tool/security/dependabot/25
@JennaySDavis
Copy link
Author

#218 Acceptance Criteria

Pass/Fail Description
Pass Smoke Testing/Spot Checking the application

Comments/Additional Notes
This dependabot alert is a back-end library update. This is not related to a specific piece of functionality.

ADA Compliance (Automated scan via Chrome Lighthouse)
This user story includes no new or modified interface features; additional accessibility validation is unnecessary.

Passed 5/01/24- JSD

@johnbeallgsa
Copy link

Thanks for talking through this. Moving to Done.

felder101 added a commit that referenced this issue May 2, 2024
@felder101
Production Release
dcfed07 
Includes the following issues:

Issue #218 Dependabot Alert: Request smuggling leading to endpoint restriction bypass in Gunicorn
@felder101 felder101 mentioned this issue May 2, 2024
Merged
felder101 added a commit that referenced this issue May 3, 2024
@felder101
Production Release (#223)
9631cb3 
Includes the following issues:

Issue #218 Dependabot Alert: Request smuggling leading to endpoint restriction bypass in Gunicorn
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@johnbeallgsa johnbeallgsa

Labels
Sprint 29 Tech Task
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@john-labbate @johnbeallgsa @JennaySDavis