RSS   Podatności dla 'Flower'   RSS

2022-06-02
 
CVE-2022-30034

CWE-287
 
 
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.

 
2019-09-27
 
CVE-2019-16926

CWE-79
 
 
Flower 0.9.3 has XSS via a crafted worker name.

 
 
CVE-2019-16925

CWE-79
 
 
Flower 0.9.3 has XSS via the name parameter in an @app.task call.

 

Copyright 2024, cxsecurity.com

 

Back to Top