CVE-2022-30034
- EPSS 0.23%
- Veröffentlicht 02.06.2022 14:15:51
- Zuletzt bearbeitet 21.11.2024 07:02:06
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shu...
CVE-2019-16925
- EPSS 0.24%
- Veröffentlicht 28.09.2019 00:15:10
- Zuletzt bearbeitet 21.11.2024 04:31:21
Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend confi...
CVE-2019-16926
- EPSS 0.24%
- Veröffentlicht 28.09.2019 00:15:10
- Zuletzt bearbeitet 21.11.2024 04:31:21
Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and pers...