Security advisory for 'python-celery' package in Fedora 35
Reporter | Title | Published | Views | Family All 23 |
---|---|---|---|---|
Veracode | Stored Command Injection | 30 Dec 2021 02:50 | – | veracode |
FreeBSD | py39-celery -- command injection vulnerability | 9 Dec 2021 00:00 | – | freebsd |
Fedora | [SECURITY] Fedora 35 Update: python-kombu-5.2.3-1.fc35 | 16 Jan 2022 01:20 | – | fedora |
Fedora | [SECURITY] Fedora 35 Update: python-celery-5.2.3-2.fc35 | 16 Jan 2022 01:20 | – | fedora |
Prion | Command injection | 29 Dec 2021 17:15 | – | prion |
OSV | CVE-2021-23727 | 29 Dec 2021 17:15 | – | osv |
OSV | OS Command Injection in celery | 6 Jan 2022 22:22 | – | osv |
OSV | PYSEC-2021-858 | 29 Dec 2021 17:15 | – | osv |
NVD | CVE-2021-23727 | 29 Dec 2021 17:15 | – | nvd |
RedhatCVE | CVE-2021-23727 | 5 Jan 2022 20:54 | – | redhatcve |
# Copyright (C) 2022 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
# Metadata branch: when the script is loaded with 'description' set, it only
# registers its identity, scoring, prerequisites and report texts, then exits
# before any detection code runs.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.819550");
script_version("2022-01-20T14:04:39+0000");
script_cve_id("CVE-2021-23727");
# Two scores are carried side by side: a CVSS v2 base score with its vector,
# and a CVSS v3.1 vector whose origin is recorded as NVD.
script_tag(name:"cvss_base", value:"6.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"2022-01-20 14:04:39 +0000 (Thu, 20 Jan 2022)");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-01-10 17:00:00 +0000 (Mon, 10 Jan 2022)");
script_tag(name:"creation_date", value:"2022-01-16 02:02:59 +0000 (Sun, 16 Jan 2022)");
script_name("Fedora: Security Advisory for python-celery (FEDORA-2022-1dae017601)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
# Prerequisites: the package-list gatherer must have run, and the knowledge
# base must hold a Fedora SSH login, an RPM list and a release matching FC35.
# In practice this is a local check that needs an authenticated scan; without
# valid SSH credentials the script is not expected to run at all, so a missing
# finding is not evidence that the host is patched.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC35");
script_xref(name:"Advisory-ID", value:"FEDORA-2022-1dae017601");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYXRGHWHD2WWMHBWCVD5ULVINPKNY3P5");
script_tag(name:"summary", value:"The remote host is missing an update for the 'python-celery'
package(s) announced via the FEDORA-2022-1dae017601 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
# NOTE(review): the 'insight' text below is the package description of Celery,
# not a description of the flaw. Other trackers list CVE-2021-23727 as an OS
# command injection in celery; consult the CVE record or the Fedora advisory
# for impact and preconditions when triaging a finding from this check.
script_tag(name:"insight", value:"An open source asynchronous task queue/job queue based on
distributed message passing. It is focused on real-time
operation, but supports scheduling as well.
The execution units, called tasks, are executed concurrently
on one or more worker nodes using multiprocessing, Eventlet
or gevent. Tasks can execute asynchronously (in the background)
or synchronously (wait until ready).
Celery is used in production systems to process millions of
tasks a day.
Celery is written in Python, but the protocol can be implemented
in any language. It can also operate with other languages using
web hooks.
The recommended message broker is RabbitMQ, but limited support
for Redis, Beanstalk, MongoDB, CouchDB and databases
(using SQLAlchemy or the Django ORM) is also available.");
script_tag(name:"affected", value:"'python-celery' package(s) on Fedora 35.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
# qod_type "package": the result rests on an RPM version comparison only, with
# no probing of the running service. A Celery copy installed outside RPM (for
# example with pip into a virtualenv) is presumably invisible to this check
# and has to be inventoried separately.
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Detection: compare the installed python-celery RPM with the fixed build from
# FEDORA-2022-1dae017601 and report when the installed one is older.
# The result is based on the RPM database as read over SSH; it says nothing
# about Celery copies installed by other means.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

# The advisory covers Fedora 35 only; any other release is out of scope.
if(release != "FC35")
  exit(0);

report = "";

# isrpmvuln() yields report text when the installed package is older than the
# given version-release, and NULL otherwise.
res = isrpmvuln(pkg:"python-celery", rpm:"python-celery~5.2.3~2.fc35", rls:"FC35");
if(!isnull(res))
  report += res;

if(report != "") {
  security_message(data:report);
  exit(0);
}

# __pkg_match is presumably set by pkg-lib-rpm.inc when the package was found
# installed. Exit code 99 then marks the host as checked and not affected,
# which is different from "package absent" (plain exit 0 below).
if(__pkg_match)
  exit(99);

exit(0);