Safety CI > cookiecutter/cookiecutter-django

master

3 years, 11 months ago

8111fcf8

Update celery from 5.2.6 to 5.2.7

flower 1.0.0 has known security vulnerabilities.

Package	Installed	Affected	Info
flower	1.0.0	>=0,<2.0.0	show Flower before 2.0.0 is vulnerable to a timing attack exploiting the `get_current_user()` functionality. This vulnerability stems from the use of non-constant time string comparison for validating HTTP basic authentication credentials. https://github.com/mher/flower/pull/1166/commits/7f398f7eeb9d95399b6bf1905e0704646d0c4ece
flower	1.0.0	<1.2.0	show Flower 1.1.0 and prior are vulnerable to CVE-2022-30034: All versions as of 05-02-2022 are vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. https://tprynn.github.io/2022/05/26/flower-vulns.html

Package

Installed

Affected

Info

flower

1.0.0

>=0,<2.0.0

show

Flower before 2.0.0 is vulnerable to a timing attack exploiting the `get_current_user()` functionality. This vulnerability stems from the use of non-constant time string comparison for validating HTTP basic authentication credentials.
https://github.com/mher/flower/pull/1166/commits/7f398f7eeb9d95399b6bf1905e0704646d0c4ece

flower

1.0.0

<1.2.0

show

Flower 1.1.0 and prior are vulnerable to CVE-2022-30034: All versions as of 05-02-2022 are vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.
https://tprynn.github.io/2022/05/26/flower-vulns.html

pyup-update-celery-5.2.6-to-5.2.7

3 years, 11 months ago

b07ac28b

Update celery from 5.2.6 to 5.2.7

flower 1.0.0 has known security vulnerabilities.

Package	Installed	Affected	Info
flower	1.0.0	>=0,<2.0.0	show Flower before 2.0.0 is vulnerable to a timing attack exploiting the `get_current_user()` functionality. This vulnerability stems from the use of non-constant time string comparison for validating HTTP basic authentication credentials. https://github.com/mher/flower/pull/1166/commits/7f398f7eeb9d95399b6bf1905e0704646d0c4ece
flower	1.0.0	<1.2.0	show Flower 1.1.0 and prior are vulnerable to CVE-2022-30034: All versions as of 05-02-2022 are vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. https://tprynn.github.io/2022/05/26/flower-vulns.html

Package

Installed

Affected

Info

flower

1.0.0

>=0,<2.0.0

show

Flower before 2.0.0 is vulnerable to a timing attack exploiting the `get_current_user()` functionality. This vulnerability stems from the use of non-constant time string comparison for validating HTTP basic authentication credentials.
https://github.com/mher/flower/pull/1166/commits/7f398f7eeb9d95399b6bf1905e0704646d0c4ece

flower

1.0.0

<1.2.0

show

Flower 1.1.0 and prior are vulnerable to CVE-2022-30034: All versions as of 05-02-2022 are vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.
https://tprynn.github.io/2022/05/26/flower-vulns.html

master

3 years, 11 months ago

9e805ba0

Update django-celery-beat from 2.2.1 to 2.3.0

flower 1.0.0 has known security vulnerabilities.

Package	Installed	Affected	Info
flower	1.0.0	>=0,<2.0.0	show Flower before 2.0.0 is vulnerable to a timing attack exploiting the `get_current_user()` functionality. This vulnerability stems from the use of non-constant time string comparison for validating HTTP basic authentication credentials. https://github.com/mher/flower/pull/1166/commits/7f398f7eeb9d95399b6bf1905e0704646d0c4ece
flower	1.0.0	<1.2.0	show Flower 1.1.0 and prior are vulnerable to CVE-2022-30034: All versions as of 05-02-2022 are vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. https://tprynn.github.io/2022/05/26/flower-vulns.html

Package

Installed

Affected

Info

flower

1.0.0

>=0,<2.0.0

show

Flower before 2.0.0 is vulnerable to a timing attack exploiting the `get_current_user()` functionality. This vulnerability stems from the use of non-constant time string comparison for validating HTTP basic authentication credentials.
https://github.com/mher/flower/pull/1166/commits/7f398f7eeb9d95399b6bf1905e0704646d0c4ece

flower

1.0.0

<1.2.0

show

Flower 1.1.0 and prior are vulnerable to CVE-2022-30034: All versions as of 05-02-2022 are vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.
https://tprynn.github.io/2022/05/26/flower-vulns.html

pyup-update-django-celery-beat-2.2.1-to-2.3.0

3 years, 11 months ago

28e9f45b

Update django-celery-beat from 2.2.1 to 2.3.0

flower 1.0.0 has known security vulnerabilities.

Package	Installed	Affected	Info
flower	1.0.0	>=0,<2.0.0	show Flower before 2.0.0 is vulnerable to a timing attack exploiting the `get_current_user()` functionality. This vulnerability stems from the use of non-constant time string comparison for validating HTTP basic authentication credentials. https://github.com/mher/flower/pull/1166/commits/7f398f7eeb9d95399b6bf1905e0704646d0c4ece
flower	1.0.0	<1.2.0	show Flower 1.1.0 and prior are vulnerable to CVE-2022-30034: All versions as of 05-02-2022 are vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. https://tprynn.github.io/2022/05/26/flower-vulns.html

Package

Installed

Affected

Info

flower

1.0.0

>=0,<2.0.0

show

Flower before 2.0.0 is vulnerable to a timing attack exploiting the `get_current_user()` functionality. This vulnerability stems from the use of non-constant time string comparison for validating HTTP basic authentication credentials.
https://github.com/mher/flower/pull/1166/commits/7f398f7eeb9d95399b6bf1905e0704646d0c4ece

flower

1.0.0

<1.2.0

show

Flower 1.1.0 and prior are vulnerable to CVE-2022-30034: All versions as of 05-02-2022 are vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.
https://tprynn.github.io/2022/05/26/flower-vulns.html

master

3 years, 11 months ago