PT-2019-14872 · Celery · Flower

Published: 2019-09-27 · Updated: 2024-08-05 · CVE-2019-16925

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Flower version 0.9.3

Description: The issue concerns a potential cross-site scripting (XSS) vulnerability via the name parameter in an @app.task call. However, the project author disputes the validity of this issue, stating that worker and task names are internal backend configuration options that are not user-facing, and that anyone with the rights to change them already has full access.

Recommendations: For Flower version 0.9.3, consider restricting access to the @app.task call to minimize potential risk, since the project author states that the configuration options in question are not user-facing and thus may not pose an external threat. At the time of writing, there is no information about a newer version that contains a fix for this issue.

Weakness Enumeration: XSS

Related Identifiers: CVE-2019-16925

Affected Products: Flower