Security
Headlines

Headlines Latest CVEs

Headline

GHSA-q4qm-xhf9-4p8f: Authorization bypass in Flower

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.

2 years ago

#web #git #oauth #auth

GitHub Advisory Database
GitHub Reviewed
CVE-2022-30034

Authorization bypass in Flower

High severity GitHub Reviewed Published Jun 3, 2022 • Updated Jun 3, 2022

We are still processing this advisory. You may have affected repositories that are not yet on this list. Check back soon for more.

Package

pip flower (pip )

Affected versions

<= 1.0.0

Description

Related news

CVE-2022-30034: Multiple Vulnerabilities in Flower and Downstream Attacks on Airflow

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.

2 years ago

#csrf #vulnerability #web #ios #google #apache #redis #git #java #rce #ssrf #oauth #auth #docker

ghsa: Latest News

GHSA-w7qr-q9fh-fj35: Dozzle uses unsafe hash for passwords

20 hours ago

GHSA-mq92-jr35-ffpc: open-webui allows enumeration of file names and traversal of directories by observing the error messages

20 hours ago

GHSA-xcvc-5hgv-phqg: open-webui Insecure Direct Object Reference (IDOR) vulnerability

20 hours ago

GHSA-54f4-v6v9-9q82: open-webui allows writing and deleting arbitrary files

20 hours ago

GHSA-7qmx-3fpx-r45m: Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations

23 hours ago