Description
django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/celery/django-celery-results/issues/142
Scores
CVSS v3
7.5
EPSS
0.0086
EPSS Percentile
53.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (2)
django-celery-results_project/django-celery-results
< 1.2.1
pypi/django-celery-results
0 - 2.4.0PyPI
Published
Aug 11, 2020
Tracked Since
Feb 18, 2026