
11 matches found

SUSE CVE
added 2023/02/15 3:45 a.m. · 1 views

SUSE CVE-2021-23727

This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery...

CVSS 7.5 · AI score 7.9 · EPSS 0.01396
Exploits: 1 · References: 3
OpenVAS
added 2022/01/28 12:0 a.m. · 27 views

Mageia: Security Advisory (MGASA-2022-0029)

The remote host is missing an update for the...

CVSS 7.5 · AI score 7.5 · EPSS 0.01396
Exploits: 1 · References: 4
OSV
added 2022/01/25 12:13 p.m. · 8 views

MGASA-2022-0029 Updated python-celery packages fix security vulnerability

Stored Command Injection (CVE-2021-23727). Also fixes unfulfilled python3.8distbilliard installing pythone-celery...

CVSS 7.5 · AI score 7.6 · EPSS 0.01396
Exploits: 1 · References: 3
OSV
added 2022/01/06 10:22 p.m. · 3 views

GHSA-Q4XR-RC97-M4XX OS Command Injection in celery

This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery...

CVSS 7.7 · AI score 7.1 · EPSS 0.01396
Exploits: 1 · References: 8
Veracode
added 2021/12/30 2:50 a.m. · 27 views

Command Injection

celery is vulnerable to Command Injection. The vulnerability exists due to lack of input sanitization which allows an attacker to inject and execute malicious commands via base.py...

CVSS 7.5 · AI score 7.6 · EPSS 0.01396
Exploits: 1 · References: 5 · Affected Software: 1
NVD
added 2021/12/29 5:15 p.m. · 21 views

CVE-2021-23727

This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery...

CVSS 7.5 · EPSS 0.01396
Exploits: 1 · References: 3
PyPA
added 2021/12/29 5:15 p.m. · 3 views

PYSEC-2021-858

This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery...

CVSS 7.5 · AI score 7.5 · EPSS 0.01396
Exploits: 1 · References: 3 · Affected Software: 1
Positive Technologies
added 2021/12/29 12:0 a.m. · 2 views

PT-2021-15547 · Celery +2

Name of the Vulnerable Software and Affected Versions: celery versions prior to 5.2.2. Description: The issue affects the package by default trusting messages and metadata stored in backends, which can lead to a stored command injection vulnerability when an attacker gains access to or manipulates...

CVSS 7.7 · AI score 7.3 · EPSS 0.01396
Exploits: 1 · References: 29
Snyk
added 2021/12/09 2:13 p.m. · 2 views

Stored Command Injection

Overview: Affected versions of this package are vulnerable to Stored Command Injection. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow...

CVSS 8 · AI score 7.3 · EPSS 0.01396
Exploits: 1 · References: 2
FreeBSD
added 2021/12/09 12:0 a.m. · 29 views

py39-celery -- command injection vulnerability

Snyk reports: This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within ...

CVSS 7.5 · AI score 8.1 · EPSS 0.01396
Exploits: 1 · References: 2
OSV
added 2019/09/05 9:15 p.m. · 2 views

CVE-2019-15029

FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the serviceedit.php file which will insert the malicious command into the database. To trigger the command, one needs to call the services.php file via a GET request with the service id...

CVSS 8.8 · AI score 6 · EPSS 0.19285
Exploits: 2 · References: 3