VDB
CVE-2020-17495
CVE-2020-17495
PUBLISHED
django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.
EPSS 0.15% · 35.0th percentile
Risk Scores
EPSS Score
0.15%
35.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | python-django-celery-results | 2.0.0-1, 0 |
| Ubuntu:24.04:LTS | python-django-celery-results | 0, 2.5.1-1ubuntu1 |
| Ubuntu:18.04:LTS | python-django-celery-results | 0, 1.0.1-1 |
| Ubuntu:20.04:LTS | python-django-celery-results | 0, 1.0.4-1 |
| Ubuntu:25.10 | python-django-celery-results | 0, 2.5.1-3 |
Exploit Intelligence
Timeline
- Aug 11, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-17495 third-party-advisory
- https://github.com/celery/django-celery-results/issues/142 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-17495 third-party-advisory