PT-2019-14873 · Celery · Flower

Published 2019-09-27 · Updated 2024-08-05 · CVE-2019-16926

CVSS v3.1 6.1 Medium

Vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Flower version 0.9.3
Description Flower is a web dashboard for Celery and displays the names of the workers it monitors. In Flower 0.9.3 a crafted worker name is reported to be rendered into the dashboard without adequate escaping, so a worker name carrying HTML or script can execute in the browser of a user viewing the dashboard (XSS). The project author disputes the report: worker and task names are internal backend configuration options that are not exposed to end users, and anyone with the rights to change them already has full access to the system.
Recommendations No release containing a fix for this issue is known at the time of writing. For Flower 0.9.3, treat worker and task names as trusted configuration: restrict who can start workers or set their names, and restrict access to the Flower dashboard itself, since the project author's position is that anyone who can set these names already has full access to the system.
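The following is an added illustration of the mechanism described above, not Flower's own code: a minimal dashboard renderer that interpolates worker names into HTML unescaped (the vulnerable pattern), the same renderer with HTML escaping (the hardened pattern), and a small check an operator can run over the worker names reported by Celery to flag names that contain HTML metacharacters. The template strings, the `render_*` and `suspicious_worker_names` helpers, and the sample worker list are all constructed for this example.

```python
# Added example (not Flower's code): XSS via a crafted worker name and the
# escaping that prevents it. Everything below is constructed for illustration.
import html
import re

# Constructed sample of worker names as a dashboard might receive them from
# the broker. The third entry is the hostile case: a worker whose hostname
# carries a script tag.
SAMPLE_WORKERS = [
    "celery@worker-01",
    "celery@worker-02",
    "celery@<script>alert(document.cookie)</script>",
]


def render_unescaped(workers):
    """Vulnerable pattern: worker names are written straight into the HTML,
    so any markup inside a name becomes part of the page."""
    rows = "".join(f"<tr><td>{w}</td></tr>" for w in workers)
    return f"<table>{rows}</table>"


def render_escaped(workers):
    """Hardened pattern: every untrusted string is HTML-escaped first, so a
    script tag in a worker name is shown as text instead of executed."""
    rows = "".join(
        f"<tr><td>{html.escape(w, quote=True)}</td></tr>" for w in workers
    )
    return f"<table>{rows}</table>"


# Characters that have no business in a worker hostname. A name matching this
# is either misconfigured or hostile and is worth alerting on.
_SUSPICIOUS = re.compile(r'[<>"\'&]')


def suspicious_worker_names(workers):
    """Return the worker names that contain HTML metacharacters. An operator
    can feed this the names reported by `celery inspect ping` or similar."""
    return [w for w in workers if _SUSPICIOUS.search(w)]


if __name__ == "__main__":
    print("unescaped:", render_unescaped(SAMPLE_WORKERS))
    print("escaped:  ", render_escaped(SAMPLE_WORKERS))
    print("flagged:  ", suspicious_worker_names(SAMPLE_WORKERS))
```

Whether the real dashboard is affected depends on how its templates treat the name; the point of the example is that the fix belongs in the rendering layer (escape every untrusted string), while the author's dispute is about who can set the name in the first place. Both controls are worth having: restrict who can register workers, and escape what is rendered regardless.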


XSS

Weakness Enumeration

Related Identifiers

CVE-2019-16926

Affected Products

Flower