2 matches found
rclone -- Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation
https://github.com/rclone/rclone/security/advisories/GHSA-qw24-gh76-8rvv reports: Rclone is a command-line program to sync files and directories to and from different cloud storage providers.From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of...
PT-2019-14873 · Celery · Flower
Name of the Vulnerable Software and Affected Versions: Flower version 0.9.3 Description: The issue concerns a potential XSS vulnerability via a crafted worker name. However, the project author disputes its validity, stating that worker and task names are internal backend configuration options not...