All versions of Flower, a web UI for the Celery Python RPC framework, as of 05-02-2022 are vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. A fix was released in version 1.2.0.
This PR contains the following updates:
==1.0.0->==1.2.0GitHub Vulnerability Alerts
CVE-2022-30034
All versions of Flower, a web UI for the Celery Python RPC framework, as of 05-02-2022 are vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. A fix was released in version 1.2.0.
Release Notes
mher/flower (flower)
### [`v1.2.0`](https://redirect.github.com/mher/flower/compare/v1.1.0...v1.2.0) [Compare Source](https://redirect.github.com/mher/flower/compare/v1.1.0...v1.2.0) ### [`v1.1.0`](https://redirect.github.com/mher/flower/compare/v1.0.0...v1.1.0) [Compare Source](https://redirect.github.com/mher/flower/compare/v1.0.0...v1.1.0)Configuration
π Schedule: Branch creation - "" in timezone UTC, Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.