Useful or not, from you.
safety-db Database false positive: Gunicorn request smuggling vulnerability

Hi,

Version 19.10 is being incorrectly flagged as insecure. How would I approach fixing this? I'm happy to patch the DB myself, but it looks like it is auto generated by a bot - so if I made the change, would the bot undo it from wherever it gets its sources from?

Discussed in both Airflow and Gunicorn, and confirmed that 19.10 was patched:

https://github.com/apache/airflow/issues/15570 https://github.com/benoitc/gunicorn/issues/2572

The CVE also states that 19.10.0 and 20.0.1 both have the fix:

https://snyk.io/vuln/SNYK-PYTHON-GUNICORN-541164

Database: https://github.com/pyupio/safety-db/blob/master/data/insecure_full.json#L8507

Id: pyup.io-40105

That's a useful answer
Without any help

Yes, you are correct. Thanks for letting us know. We have updated our database. Note that this will not reflect in our free database until June 1st, 2021.