Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ycGM2LWg0NTUtM3J4Nc4AAf1-
Celery local privilege escalation vulnerability
Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving crafted code that is executed by the worker process.
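The defensive pattern behind the fix is to change all three ids (real, effective and saved) and to verify the result before any task code runs; a process that changes only its effective id can simply switch back. The block below is an added illustration for this page, not Celery's own code; the function names resolve_uid, privileges_fully_dropped and drop_privileges are hypothetical, and it assumes a Linux/Unix host with the os.setres* calls.

```python
import os
import pwd


def resolve_uid(value):
    """Accept a numeric uid or a user name, as a --uid option would."""
    return int(value) if value.isdigit() else pwd.getpwnam(value).pw_uid


def privileges_fully_dropped(resuid, resgid, uid, gid):
    """True only if real, effective AND saved ids all equal the target.

    A process that changed only its effective id (e.g. real=0, effective=1000,
    saved=0) fails this check: it can still call seteuid(0) and be root again.
    """
    return resuid == (uid, uid, uid) and resgid == (gid, gid, gid)


def drop_privileges(uid, gid):
    """Switch irrevocably to uid/gid and verify; raise if any id still differs."""
    if os.geteuid() == 0:
        # Replace supplementary groups too, otherwise the original user's
        # group memberships survive the switch.
        try:
            os.initgroups(pwd.getpwuid(uid).pw_name, gid)
        except KeyError:
            os.setgroups([gid])
    # Drop the group first: once the uid is gone we may not change gids.
    os.setresgid(gid, gid, gid)
    os.setresuid(uid, uid, uid)
    resuid, resgid = os.getresuid(), os.getresgid()
    if not privileges_fully_dropped(resuid, resgid, uid, gid):
        raise RuntimeError("privilege drop incomplete: uids=%r gids=%r"
                           % (resuid, resgid))
    return resuid, resgid


def drop_to_current_user():
    """Drop to the invoking user: exercises the same code path unprivileged."""
    return drop_privileges(os.getuid(), os.getgid())
```

Run as root, `drop_privileges(resolve_uid("celery"), gid)` either leaves every id equal to the target or raises; run unprivileged, `drop_to_current_user()` still exercises the verification step.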
Permalink: https://github.com/advisories/GHSA-rpc6-h455-3rx5
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ycGM2LWg0NTUtM3J4Nc4AAf1-
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 17 days ago
Identifiers: GHSA-rpc6-h455-3rx5, CVE-2011-4356
References:
- https://nvd.nist.gov/vuln/detail/CVE-2011-4356
- https://github.com/celery/celery/pull/544
- https://github.com/celery/celery/commit/53514b158b743678d8993638be5920cd09ccc35c
- https://github.com/celery/celery/commit/73388921731a0e6feb28ab0d389c4f7dc4d524f6
- https://github.com/celery/celery/commit/e0767e40994754fe8482bf4ff622c5c6d0b9f671
- https://github.com/celery/celery/blob/master/docs/sec/CELERYSA-0001.txt
- https://web.archive.org/web/20140722114447/http://secunia.com/advisories/46973
- https://web.archive.org/web/20200305001706/http://www.securityfocus.com/bid/50825
- https://github.com/advisories/GHSA-rpc6-h455-3rx5
Blast Radius: 0.0
Affected Packages
pypi:celery
Dependent packages: 519
Dependent repositories: 40,119
Downloads: 10,962,278 last month
Affected Version Ranges: >= 2.4.0, < 2.4.4, >= 2.3.0, < 2.3.4, >= 2.1.0, < 2.2.8
Fixed in: 2.4.4, 2.3.4, 2.2.8
All affected versions: 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.4.0, 2.4.1, 2.4.2, 2.4.3
All unaffected versions: 0.1.2, 0.1.4, 0.1.6, 0.1.7, 0.1.8, 0.1.10, 0.1.11, 0.1.12, 0.1.13, 0.1.14, 0.1.15, 0.2.0, 0.3.0, 0.3.7, 0.3.20, 0.4.0, 0.4.1, 0.6.0, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.2.8, 2.2.9, 2.2.10, 2.3.4, 2.3.5, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.5, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.0.20, 3.0.21, 3.0.22, 3.0.23, 3.0.24, 3.0.25, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.1.13, 3.1.14, 3.1.15, 3.1.16, 3.1.17, 3.1.18, 3.1.19, 3.1.20, 3.1.21, 3.1.22, 3.1.23, 3.1.24, 3.1.25, 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0