Skip to main content

Flower

3 CVEs product

Monthly

CVE-2022-30034 PyPI HIGH POC PATCH This Week

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Python Flower
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
1.3%
CVE-2019-16926 MEDIUM POC This Month

Flower 0.9.3 has XSS via a crafted worker name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flower
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-16925 MEDIUM POC This Month

Flower 0.9.3 has XSS via the name parameter in an @app.task call. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flower
NVD
CVSS 3.1
6.1
EPSS
0.8%
EPSS 1% CVSS 8.6
HIGH POC PATCH This Week

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Python Flower
NVD GitHub VulDB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Flower 0.9.3 has XSS via a crafted worker name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flower
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Flower 0.9.3 has XSS via the name parameter in an @app.task call. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flower
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy