pyup-scheduled-update-2021-11-17
4 years, 5 months ago
Update celery from 4.4.2 to 5.2.1
celery 3.1.26.post2 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| celery | 3.1.26.post2 | <4.4.0rc5 |
show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841 |
| celery | 3.1.26.post2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 3.1.26.post2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
master
4 years, 5 months ago
Merge pull request #365 from crim-ca/fix-typings
comments only, merging directly
celery 4.4.2 and celery 3.1.26.post2 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| celery | 4.4.2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 4.4.2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
| celery | 3.1.26.post2 | <4.4.0rc5 |
show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841 |
| celery | 3.1.26.post2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 3.1.26.post2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
fix-typings
4 years, 5 months ago
fix typings
celery 4.4.2 and celery 3.1.26.post2 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| celery | 4.4.2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 4.4.2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
| celery | 3.1.26.post2 | <4.4.0rc5 |
show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841 |
| celery | 3.1.26.post2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 3.1.26.post2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
fix-workflow-job-step-output
4 years, 5 months ago
fix linting
celery 4.4.2 and celery 3.1.26.post2 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| celery | 4.4.2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 4.4.2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
| celery | 3.1.26.post2 | <4.4.0rc5 |
show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841 |
| celery | 3.1.26.post2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 3.1.26.post2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
fix-workflow-job-step-output
4 years, 5 months ago
fix merge conflict & update changelog for next release
celery 4.4.2 and celery 3.1.26.post2 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| celery | 4.4.2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 4.4.2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
| celery | 3.1.26.post2 | <4.4.0rc5 |
show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841 |
| celery | 3.1.26.post2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 3.1.26.post2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
master
4 years, 5 months ago
Bump version: 4.2.1 → 4.3.0
celery 4.4.2 and celery 3.1.26.post2 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| celery | 4.4.2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 4.4.2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
| celery | 3.1.26.post2 | <4.4.0rc5 |
show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841 |
| celery | 3.1.26.post2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 3.1.26.post2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
master
4 years, 5 months ago
Merge pull request #359 from crim-ca/fix-batch-job-delete
celery 4.4.2 and celery 3.1.26.post2 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| celery | 4.4.2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 4.4.2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
| celery | 3.1.26.post2 | <4.4.0rc5 |
show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841 |
| celery | 3.1.26.post2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 3.1.26.post2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
fix-batch-job-delete
4 years, 5 months ago
fix imports
celery 4.4.2 and celery 3.1.26.post2 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| celery | 4.4.2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 4.4.2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
| celery | 3.1.26.post2 | <4.4.0rc5 |
show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841 |
| celery | 3.1.26.post2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 3.1.26.post2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
fix-batch-job-delete
4 years, 5 months ago
fix tests
celery 4.4.2 and celery 3.1.26.post2 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| celery | 4.4.2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 4.4.2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
| celery | 3.1.26.post2 | <4.4.0rc5 |
show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841 |
| celery | 3.1.26.post2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 3.1.26.post2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
fix-batch-job-delete
4 years, 5 months ago
fix lint
celery 4.4.2 and celery 3.1.26.post2 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| celery | 4.4.2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 4.4.2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
| celery | 3.1.26.post2 | <4.4.0rc5 |
show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841 |
| celery | 3.1.26.post2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 3.1.26.post2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
fix-batch-job-delete
4 years, 5 months ago
adjust tests with more job duration that are computed dynamically (now-started) when not yet complet
celery 4.4.2 and celery 3.1.26.post2 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| celery | 4.4.2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 4.4.2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
| celery | 3.1.26.post2 | <4.4.0rc5 |
show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841 |
| celery | 3.1.26.post2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 3.1.26.post2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
fix-workflow-job-step-output
4 years, 5 months ago
patch error due to int Content-Length
celery 4.4.2 and celery 3.1.26.post2 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| celery | 4.4.2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 4.4.2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
| celery | 3.1.26.post2 | <4.4.0rc5 |
show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841 |
| celery | 3.1.26.post2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 3.1.26.post2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
fix-workflow-job-step-output
4 years, 5 months ago
fix mock of file response for workflow test
celery 4.4.2 and celery 3.1.26.post2 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| celery | 4.4.2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 4.4.2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
| celery | 3.1.26.post2 | <4.4.0rc5 |
show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841 |
| celery | 3.1.26.post2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 3.1.26.post2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
pyup-scheduled-update-2021-11-16
4 years, 5 months ago
Update celery from 4.4.2 to 5.2.0
celery 3.1.26.post2 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| celery | 3.1.26.post2 | <4.4.0rc5 |
show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841 |
| celery | 3.1.26.post2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 3.1.26.post2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
fix-workflow-job-step-output
4 years, 5 months ago
Merge remote-tracking branch 'origin/master' into fix-workflow-job-step-output
celery 4.4.2 and celery 3.1.26.post2 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| celery | 4.4.2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 4.4.2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
| celery | 3.1.26.post2 | <4.4.0rc5 |
show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841 |
| celery | 3.1.26.post2 | <5.2.0 |
show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |
| celery | 3.1.26.post2 | <5.2.2 |
show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
Python 3 badge
URL
https://pyup.io/repos/github/crim-ca/weaver/python-3-shield.svg
Markdown
[](https://pyup.io/repos/github/crim-ca/weaver/)
Restructured Text
.. image:: https://pyup.io/repos/github/crim-ca/weaver/python-3-shield.svg
:target: https://pyup.io/repos/github/crim-ca/weaver/
:alt: Python 3
HTML
<a href="https://pyup.io/repos/github/crim-ca/weaver/"><img src="https://pyup.io/repos/github/crim-ca/weaver/shield.svg" alt="Python 3" /></a>
Textile
!https://pyup.io/repos/github/crim-ca/weaver/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/crim-ca/weaver/
RDoc
{<img src="https://pyup.io/repos/github/crim-ca/weaver/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/crim-ca/weaver/]
pyup.io badge
URL
https://pyup.io/repos/github/crim-ca/weaver/shield.svg
Markdown
[](https://pyup.io/repos/github/crim-ca/weaver/)
Restructured Text
.. image:: https://pyup.io/repos/github/crim-ca/weaver/shield.svg
:target: https://pyup.io/repos/github/crim-ca/weaver/
:alt: Updates
HTML
<a href="https://pyup.io/repos/github/crim-ca/weaver/"><img src="https://pyup.io/repos/github/crim-ca/weaver/shield.svg" alt="Updates" /></a>
Textile
!https://pyup.io/repos/github/crim-ca/weaver/shield.svg(Updates)!:https://pyup.io/repos/github/crim-ca/weaver/
RDoc
{<img src="https://pyup.io/repos/github/crim-ca/weaver/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/crim-ca/weaver/]