Improve GHSA-fvx8-v524-8579

G-Rath · G-Rath · commit bdce6337f411 · 2022-07-10T08:04:18.000+12:00
diff --git a/advisories/github-reviewed/2021/06/GHSA-fvx8-v524-8579/GHSA-fvx8-v524-8579.json b/advisories/github-reviewed/2021/06/GHSA-fvx8-v524-8579/GHSA-fvx8-v524-8579.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.2.0",
   "id": "GHSA-fvx8-v524-8579",
-  "modified": "2021-05-17T21:40:19Z",
+  "modified": "2022-07-09T20:04:18Z",
   "published": "2021-06-04T21:46:52Z",
   "aliases": [
     "CVE-2020-17495"
   ],
   "summary": "Cleartext Storage of Sensitive Information",
-  "details": "django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.",
+  "details": "django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.\n\nIn version 2.4.0 this is no longer the default behaviour but can be re-enabled with the `result_extended` flag in which case care should be taken to ensure any sensitive variables are scrubbed - see [here](https://github.com/celery/django-celery-results/issues/154#issuecomment-734706270) for an example.\n\n",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -26,6 +26,9 @@
           "events": [
             {
               "introduced": "0"
+            },
+            {
+              "fixed": "2.4.0"
             }
           ]
         }
@@ -43,6 +46,14 @@
     {
       "type": "WEB",
       "url": "https://github.com/celery/django-celery-results/issues/142"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/celery/django-celery-results/pull/316"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/celery/django-celery-results/issues/154#issuecomment-734706270"
     }
   ],
   "database_specific": {

Original file line number	Diff line number	Diff line change
`@@ -1,13 +1,13 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.2.0",`
`3`	`3`	`"id": "GHSA-fvx8-v524-8579",`
`4`		`- "modified": "2021-05-17T21:40:19Z",`
	`4`	`+ "modified": "2022-07-09T20:04:18Z",`
`5`	`5`	`"published": "2021-06-04T21:46:52Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2020-17495"`
`8`	`8`	`],`
`9`	`9`	`"summary": "Cleartext Storage of Sensitive Information",`
`10`		`- "details": "django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.",`
	`10`	+ "details": "django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.\n\nIn version 2.4.0 this is no longer the default behaviour but can be re-enabled with the `result_extended` flag in which case care should be taken to ensure any sensitive variables are scrubbed - see [here](https://github.com/celery/django-celery-results/issues/154#issuecomment-734706270) for an example.\n\n",
`11`	`11`	`"severity": [`
`12`	`12`	`{`
`13`	`13`	`"type": "CVSS_V3",`
`@@ -26,6 +26,9 @@`
`26`	`26`	`"events": [`
`27`	`27`	`{`
`28`	`28`	`"introduced": "0"`
	`29`	`+ },`
	`30`	`+ {`
	`31`	`+ "fixed": "2.4.0"`
`29`	`32`	`}`
`30`	`33`	`]`
`31`	`34`	`}`
`@@ -43,6 +46,14 @@`
`43`	`46`	`{`
`44`	`47`	`"type": "WEB",`
`45`	`48`	`"url": "https://github.com/celery/django-celery-results/issues/142"`
	`49`	`+ },`
	`50`	`+ {`
	`51`	`+ "type": "WEB",`
	`52`	`+ "url": "https://github.com/celery/django-celery-results/pull/316"`
	`53`	`+ },`
	`54`	`+ {`
	`55`	`+ "type": "WEB",`
	`56`	`+ "url": "https://github.com/celery/django-celery-results/issues/154#issuecomment-734706270"`
`46`	`57`	`}`
`47`	`58`	`],`
`48`	`59`	`"database_specific": {`