Lucene search
ApacheCVELIST:CVE-2020-11981HistoryJul 16, 2020 - 11:21 p.m.
CVE-2020-11981
2020-07-1623:21:18
apache
www.cve.org
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.
CNA Affected
[
{
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.10.10 and below"
}
]
}
]Related
github
github
Command injection via Celery broker in Apache Airflow
2020-07-27 16:57:33
cve
cve
CVE-2020-11981
2020-07-17 00:15:10
osv
osv
Command injection via Celery broker in Apache Airflow
2020-07-27 16:57:33
BIT-airflow-2020-11981
2024-03-06 11:01:26
PYSEC-2020-15
2020-07-17 00:15:00
prion
prion
Design/Logic Flaw
2020-07-17 00:15:00
nvd
nvd
CVE-2020-11981
2020-07-17 00:15:10
nessus
nessus
Apache Airflow < 1.10.11 Multiple Vulnerabilities
2022-06-13 00:00:00
fortinet
fortinet
Multiple vulnerabilities in Apache Airflow
2022-06-07 00:00:00