You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 22, 2024. It is now read-only.
Affected versions of this package are vulnerable to Stored Command Injection. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.
Overview
Affected versions of this package are vulnerable to Stored Command Injection. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.
https://security.snyk.io/vuln/SNYK-PYTHON-CELERY-2314953
Detailed path:
Introduced through: project@0.0.0 › celery@4.1.0
Completion criteria:
The text was updated successfully, but these errors were encountered: