Flower Project Flower 1.0.0

CPE Details

Flower Project Flower 1.0.0
flower_project
flower
1.0.0
2019-09-30
09h07 +00:00
2019-09-30
09h07 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:flower_project:flower:1.0.0:*:*:*:*:*:*:*

Informations

Vendor

flower_project

Product

flower

Version

1.0.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-30034 2022-05-31 11h13 +00:00 Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.
8.6
High
CVE-2019-16925 2019-09-27 21h32 +00:00 Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has full access
6.1
Medium
CVE-2019-16926 2019-09-27 21h31 +00:00 Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has full access
6.1
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.