Safety CI > crim-ca/weaver

fix-workflow-output-binding

4 years, 5 months ago

d556fbc7

refactor wps-process in workflow (reuse staging operations) + fix workflow collect output glob (fix

celery 3.1.26.post2 has known security vulnerabilities.

Package	Installed	Affected	Info
celery	3.1.26.post2	<4.4.0rc5	show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841
celery	3.1.26.post2	<5.2.0	show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.
celery	3.1.26.post2	<5.2.2	show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Package

Installed

Affected

Info

celery

3.1.26.post2

<4.4.0rc5

show

Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets.
https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841

celery

3.1.26.post2

<5.2.0

show

Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.

celery

3.1.26.post2

<5.2.2

show

Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

private-dockers

4 years, 5 months ago

07ac5af5

fix docs lint

celery 3.1.26.post2 has known security vulnerabilities.

Package	Installed	Affected	Info
celery	3.1.26.post2	<4.4.0rc5	show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841
celery	3.1.26.post2	<5.2.0	show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.
celery	3.1.26.post2	<5.2.2	show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Package

Installed

Affected

Info

celery

3.1.26.post2

<4.4.0rc5

show

Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets.
https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841

celery

3.1.26.post2

<5.2.0

show

Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.

celery

3.1.26.post2

<5.2.2

show

Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

private-dockers

4 years, 5 months ago

1900f0a6

fix linting

celery 3.1.26.post2 has known security vulnerabilities.

Package	Installed	Affected	Info
celery	3.1.26.post2	<4.4.0rc5	show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841
celery	3.1.26.post2	<5.2.0	show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.
celery	3.1.26.post2	<5.2.2	show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Package

Installed

Affected

Info

celery

3.1.26.post2

<4.4.0rc5

show

Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets.
https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841

celery

3.1.26.post2

<5.2.0

show

Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.

celery

3.1.26.post2

<5.2.2

show

Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

private-dockers

4 years, 5 months ago

338dd2b4

fix docker auth test

celery 3.1.26.post2 has known security vulnerabilities.

Package	Installed	Affected	Info
celery	3.1.26.post2	<4.4.0rc5	show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841
celery	3.1.26.post2	<5.2.0	show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.
celery	3.1.26.post2	<5.2.2	show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Package

Installed

Affected

Info

celery

3.1.26.post2

<4.4.0rc5

show

Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets.
https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841

celery

3.1.26.post2

<5.2.0

show

Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.

celery

3.1.26.post2

<5.2.2

show

Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

private-dockers

4 years, 5 months ago

65700dcb

fix imports

celery 3.1.26.post2 has known security vulnerabilities.

Package	Installed	Affected	Info
celery	3.1.26.post2	<4.4.0rc5	show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841
celery	3.1.26.post2	<5.2.0	show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.
celery	3.1.26.post2	<5.2.2	show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Package

Installed

Affected

Info

celery

3.1.26.post2

<4.4.0rc5

show

Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets.
https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841

celery

3.1.26.post2

<5.2.0

show

Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.

celery

3.1.26.post2

<5.2.2

show

Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

private-dockers

4 years, 5 months ago

eb342f2d

skip auth failure when unrequired

celery 3.1.26.post2 has known security vulnerabilities.

Package	Installed	Affected	Info
celery	3.1.26.post2	<4.4.0rc5	show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841
celery	3.1.26.post2	<5.2.0	show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.
celery	3.1.26.post2	<5.2.2	show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Package

Installed

Affected

Info

celery

3.1.26.post2

<4.4.0rc5

show

Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets.
https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841

celery

3.1.26.post2

<5.2.0

show

Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.

celery

3.1.26.post2

<5.2.2

show

Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

private-dockers

4 years, 5 months ago

c0042dce

fix test

celery 3.1.26.post2 has known security vulnerabilities.

Package	Installed	Affected	Info
celery	3.1.26.post2	<4.4.0rc5	show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841
celery	3.1.26.post2	<5.2.0	show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.
celery	3.1.26.post2	<5.2.2	show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Package

Installed

Affected

Info

celery

3.1.26.post2

<4.4.0rc5

show

Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets.
https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841

celery

3.1.26.post2

<5.2.0

show

Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.

celery

3.1.26.post2

<5.2.2

show

Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

private-dockers

4 years, 5 months ago

b140a95d

docs and changelog updates

celery 3.1.26.post2 has known security vulnerabilities.

Package	Installed	Affected	Info
celery	3.1.26.post2	<4.4.0rc5	show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841
celery	3.1.26.post2	<5.2.0	show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.
celery	3.1.26.post2	<5.2.2	show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Package

Installed

Affected

Info

celery

3.1.26.post2

<4.4.0rc5

show

Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets.
https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841

celery

3.1.26.post2

<5.2.0

show

Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.

celery

3.1.26.post2

<5.2.2

show

Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

private-dockers

4 years, 5 months ago

e5f51a7e

remove docker auth script not needed

celery 3.1.26.post2 has known security vulnerabilities.

Package	Installed	Affected	Info
celery	3.1.26.post2	<4.4.0rc5	show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841
celery	3.1.26.post2	<5.2.0	show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.
celery	3.1.26.post2	<5.2.2	show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Package

Installed

Affected

Info

celery

3.1.26.post2

<4.4.0rc5

show

Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets.
https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841

celery

3.1.26.post2

<5.2.0

show

Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.

celery

3.1.26.post2

<5.2.2

show

Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

private-dockers

4 years, 5 months ago

5de8cdc2

add more step log about docker pull status/finished

celery 3.1.26.post2 has known security vulnerabilities.

Package	Installed	Affected	Info
celery	3.1.26.post2	<4.4.0rc5	show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841
celery	3.1.26.post2	<5.2.0	show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.
celery	3.1.26.post2	<5.2.2	show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Package

Installed

Affected

Info

celery

3.1.26.post2

<4.4.0rc5

show

Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets.
https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841

celery

3.1.26.post2

<5.2.0

show

Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.

celery

3.1.26.post2

<5.2.2

show

Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

private-dockers

4 years, 5 months ago

1698ca2c

fix resolution of auth token for Docker API to pull image + resolve parsing of inputs (OpenSearch)

celery 3.1.26.post2 has known security vulnerabilities.

Package	Installed	Affected	Info
celery	3.1.26.post2	<4.4.0rc5	show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841
celery	3.1.26.post2	<5.2.0	show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.
celery	3.1.26.post2	<5.2.2	show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Package

Installed

Affected

Info

celery

3.1.26.post2

<4.4.0rc5

show

Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets.
https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841

celery

3.1.26.post2

<5.2.0

show

Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.

celery

3.1.26.post2

<5.2.2

show

Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

private-dockers

4 years, 5 months ago

01453b6e

full procedure to run docker pull with auth

celery 3.1.26.post2 has known security vulnerabilities.

Package	Installed	Affected	Info
celery	3.1.26.post2	<4.4.0rc5	show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841
celery	3.1.26.post2	<5.2.0	show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.
celery	3.1.26.post2	<5.2.2	show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Package

Installed

Affected

Info

celery

3.1.26.post2

<4.4.0rc5

show

Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets.
https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841

celery

3.1.26.post2

<5.2.0

show

Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.

celery

3.1.26.post2

<5.2.2

show

Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

private-dockers

4 years, 5 months ago

6899c138

more handling of docker references/reload from db

celery 3.1.26.post2 has known security vulnerabilities.

Package	Installed	Affected	Info
celery	3.1.26.post2	<4.4.0rc5	show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841
celery	3.1.26.post2	<5.2.0	show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.
celery	3.1.26.post2	<5.2.2	show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Package

Installed

Affected

Info

celery

3.1.26.post2

<4.4.0rc5

show

Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets.
https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841

celery

3.1.26.post2

<5.2.0

show

Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.

celery

3.1.26.post2

<5.2.2

show

Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

master

4 years, 5 months ago

4dbb0048

Bump version: 4.3.0 → 4.4.0

celery 3.1.26.post2 has known security vulnerabilities.

Package	Installed	Affected	Info
celery	3.1.26.post2	<4.4.0rc5	show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841
celery	3.1.26.post2	<5.2.0	show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.
celery	3.1.26.post2	<5.2.2	show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Package

Installed

Affected

Info

celery

3.1.26.post2

<4.4.0rc5

show

Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets.
https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841

celery

3.1.26.post2

<5.2.0

show

Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.

celery

3.1.26.post2

<5.2.2

show

Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

private-dockers

4 years, 5 months ago

509835a3

more handling of docker references/reload from db

celery 3.1.26.post2 has known security vulnerabilities.

Package	Installed	Affected	Info
celery	3.1.26.post2	<4.4.0rc5	show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841
celery	3.1.26.post2	<5.2.0	show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.
celery	3.1.26.post2	<5.2.2	show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Package

Installed

Affected

Info

celery

3.1.26.post2

<4.4.0rc5

show

Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets.
https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841

celery

3.1.26.post2

<5.2.0

show

Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.

celery

3.1.26.post2

<5.2.2

show

Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.