Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3NnItcWZqai1jMjR3
Command injection via Celery broker in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.
Permalink: https://github.com/advisories/GHSA-976r-qfjj-c24wJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3NnItcWZqai1jMjR3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 3 years ago
Updated: 3 days ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-976r-qfjj-c24w, CVE-2020-11981
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-11981
- https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E
- https://github.com/apache/airflow/commit/afa4b11fddfdbadb048f742cf66d5c21c675a5c8
- https://web.archive.org/web/20220427031325/https://issues.apache.org/jira/browse/AIRFLOW-6351
- https://github.com/advisories/GHSA-976r-qfjj-c24w
Affected Packages
pypi:apache-airflow
Dependent packages: 265Dependent repositories: 1,554
Downloads: 24,893,359 last month
Affected Version Ranges: < 1.10.11
Fixed in: 1.10.11
All affected versions: 1.8.1, 1.8.2, 1.9.0, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.5, 1.10.6, 1.10.7, 1.10.8, 1.10.9, 1.10.10
All unaffected versions: 1.10.11, 1.10.12, 1.10.13, 1.10.14, 1.10.15, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.8.0, 2.8.1, 2.8.2, 2.8.3