Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3NnItcWZqai1jMjR3
Command injection via Celery broker in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.
Permalink: https://github.com/advisories/GHSA-976r-qfjj-c24w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3NnItcWZqai1jMjR3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 4 years ago
Updated: 5 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Percentage: 0.94996
EPSS Percentile: 0.99486
Identifiers: GHSA-976r-qfjj-c24w, CVE-2020-11981
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-11981
- https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E
- https://github.com/apache/airflow/commit/afa4b11fddfdbadb048f742cf66d5c21c675a5c8
- https://web.archive.org/web/20220427031325/https://issues.apache.org/jira/browse/AIRFLOW-6351
- https://github.com/apache/airflow/commit/1dda6fdde7c6bcaf0d6534786beeeba868006dd2
- https://github.com/advisories/GHSA-976r-qfjj-c24w
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-15.yaml
Blast Radius: 31.3
Affected Packages
pypi:apache-airflow
Dependent packages: 314
Dependent repositories: 1,554
Downloads: 23,562,448 last month
Affected Version Ranges: >= 0, < 1.10.11rc1
Fixed in: 1.10.11rc1
All affected versions: 1.8.1, 1.8.2, 1.9.0, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.5, 1.10.6, 1.10.7, 1.10.8, 1.10.9, 1.10.10
All unaffected versions: 1.10.11, 1.10.12, 1.10.13, 1.10.14, 1.10.15, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.10.0, 2.10.1, 2.10.2, 2.10.3, 2.10.4