Lucene search

K
cvelistApacheCVELIST:CVE-2020-11982
HistoryJul 16, 2020 - 11:21 p.m.

CVE-2020-11982

2020-07-1623:21:25
apache
www.cve.org

9.6 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.9%

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker.

CNA Affected

[
  {
    "product": "Apache Airflow",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "1.10.10 and below"
      }
    ]
  }
]

9.6 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.9%

Related for CVELIST:CVE-2020-11982