CVE-2019-16926

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-16926

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16926.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-16926

Published

2019-09-28T00:15:10.467Z

Modified

2026-03-14T09:32:07.357714Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has full access

References

https://fatihhcelik.blogspot.com/2019/09/flower-100-has-xss-via-crafted-worker.html

Affected packages

Git / github.com/mher/flower

Affected ranges

Type

GIT

Repo

https://github.com/mher/flower

Events

Introduced

Last affected

ad3a68eb7296b732f3555a6ef808987c763d8e8d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0"
        }
    ]
}

Affected versions

v0.*

v0.2

v0.3

v0.4

v0.5

v0.5.1

v0.5.2

v0.6

v0.7

v0.8

v1.*

v1.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16926.json"