CVE-2020-17495

Name: CVE-2020-17495
Description: django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium
Debian Bugs: 968305

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| python-django-celery-results (PTS) | bullseye, sid, buster | 1.0.4-1 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| python-django-celery-results | source | (unstable) | (unfixed) | | | 968305 |

Notes

[buster] - python-django-celery-results <no-dsa> (Minor issue)
https://github.com/celery/django-celery-results/issues/142
