8 matches found
CVE-2022-30034
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes...
USN-6206-1 linux-oem-5.17 vulnerabilities
Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35788, LP: 2023577) It was discovered that the NTFS...
Authentication Bypass
flower is vulnerable to authentication bypass. The vulnerability exists because the library does not properly restrict the access path which allows an attacker to gain access and change system data...
apache-airflow-providers-celery (>=2.1.0 <=2.1.0rc2), celery-director (>=0.5.0 <=0.6.0) +4 more potentially affected by CVE-2022-30034 via flower (>=0.9.3 <=1.1.0)
flower PYPI version =0.9.3, =2.1.0, =0.5.0, =0.6.0, =0.2.1a0, =2.10.9 Source cves: CVE-2022-30034 Source advisory: OSV:PYSEC-2022-42973...
Flower Authorization Issue Vulnerability
Flower is a web-based tool for real-time monitoring and management of Celery distributed task queues. A denial of service vulnerability exists in the May 2, 2022 version of Flower and prior versions, which stems from an OAuth authentication bypass. An attacker can use this vulnerability ...
PT-2022-19979 · Flower +1
Name of the Vulnerable Software and Affected Versions: Flower versions prior to 1.2.0
Description: The issue is related to an OAuth authentication bypass in Flower, a web UI for the Celery Python RPC framework. This allows an attacker to access the Flower API, enabling them to discover and invoke...
Flower Cross-Site Scripting Vulnerability
Flower is a web-based tool for monitoring and managing Celery clusters. A cross-site scripting vulnerability exists in Flower version 0.9.3, which stems from a lack of proper validation of client-side data by the web application and can be exploited by an attacker to execute client-side code...
Flower Cross-Site Scripting Vulnerability (CNVD-2019-35802)
Flower is a web-based tool for monitoring and managing Celery clusters. A cross-site scripting vulnerability exists in Flower version 0.9.3, which stems from a lack of proper validation of client-side data by the web application and can be exploited by an attacker to execute client-side code...