django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17495
Reference (s):
- https://github.com/celery/django-celery-results/issues/142