FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 0a38a0d9-757f-4ac3-9561-b439e933dfa9
Description: py39-celery -- command injection vulnerability

Snyk reports:

This affects the package celery before 5.2.2.

It by default trusts the messages and metadata stored in backends (result stores).

When reading task metadata from the backend, the data is deserialized.

Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.


Discovery: 2021-12-09
Entry: 2023-04-09
Affected package: py39-celery < 5.2.2

CVE-2021-23727
https://osv.dev/vulnerability/PYSEC-2021-858
https://osv.dev/vulnerability/GHSA-q4xr-rc97-m4xx