
Fedora: Security Advisory for python-celery (FEDORA-2022-1dae017601)

🗓️ 16 Jan 2022 00:00:00 | Reported by: Copyright (C) 2022 Greenbone Networks GmbH | Type: openvas | Source: plugins.openvas.org

Security advisory for the 'python-celery' package in Fedora 35

ReporterTitlePublishedViews
Family
Veracode
Stored Command Injection
30 Dec 202102:50
veracode
FreeBSD
py39-celery -- command injection vulnerability
9 Dec 202100:00
freebsd
Fedora
[SECURITY] Fedora 35 Update: python-kombu-5.2.3-1.fc35
16 Jan 202201:20
fedora
Fedora
[SECURITY] Fedora 35 Update: python-celery-5.2.3-2.fc35
16 Jan 202201:20
fedora
Prion
Command injection
29 Dec 202117:15
prion
OSV
CVE-2021-23727
29 Dec 202117:15
osv
OSV
OS Command Injection in celery
6 Jan 202222:22
osv
OSV
PYSEC-2021-858
29 Dec 202117:15
osv
NVD
CVE-2021-23727
29 Dec 202117:15
nvd
RedhatCVE
CVE-2021-23727
5 Jan 202220:54
redhatcve
# Copyright (C) 2022 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

# Description pass: registers the check's metadata (identity, severity, scope,
# references and report texts) and then exits without touching the target.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.819550");
  script_version("2022-01-20T14:04:39+0000");
  # The single CVE this check is tied to.
  script_cve_id("CVE-2021-23727");
  # Two severity ratings are carried side by side: a CVSS v2 base score and
  # vector, and a CVSS v3.1 vector attributed to NVD below. They differ in
  # attack complexity and impact level, so say which one a triage decision
  # is based on.
  script_tag(name:"cvss_base", value:"6.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2022-01-20 14:04:39 +0000 (Thu, 20 Jan 2022)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-01-10 17:00:00 +0000 (Mon, 10 Jan 2022)");
  script_tag(name:"creation_date", value:"2022-01-16 02:02:59 +0000 (Sun, 16 Jan 2022)");
  script_name("Fedora: Security Advisory for python-celery (FEDORA-2022-1dae017601)");
  # ACT_GATHER_INFO: the check only evaluates collected package data.
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone Networks GmbH");
  script_family("Fedora Local Security Checks");
  # The package list comes from gather-package-list.nasl. The mandatory keys
  # restrict the check to hosts where that data exists and the recorded
  # release matches FC35.
  # NOTE(review): presumably these keys are only set after an authenticated
  # SSH login; without one the check is skipped, which is not the same as
  # "not affected". Confirm against gather-package-list.nasl.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC35");

  # Vendor advisory identifier and the package-announce message it came from.
  script_xref(name:"Advisory-ID", value:"FEDORA-2022-1dae017601");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYXRGHWHD2WWMHBWCVD5ULVINPKNY3P5");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'python-celery'
  package(s) announced via the FEDORA-2022-1dae017601 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  # NOTE(review): the "insight" text below is the general package description
  # of Celery, not a description of the flaw. For the nature of the issue,
  # consult the CVE-2021-23727 entry and the advisory URL above.
  script_tag(name:"insight", value:"An open source asynchronous task queue/job queue based on
distributed message passing. It is focused on real-time
operation, but supports scheduling as well.

The execution units, called tasks, are executed concurrently
on one or more worker nodes using multiprocessing, Eventlet
or gevent. Tasks can execute asynchronously (in the background)
or synchronously (wait until ready).

Celery is used in production systems to process millions of
tasks a day.

Celery is written in Python, but the protocol can be implemented
in any language. It can also operate with other languages using
web hooks.

The recommended message broker is RabbitMQ, but limited support
for Redis, Beanstalk, MongoDB, CouchDB and databases
(using SQLAlchemy or the Django ORM) is also available.");

  script_tag(name:"affected", value:"'python-celery' package(s) on Fedora 35.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  # Remediation is a vendor package update. qod_type "package" marks the
  # result as derived from the installed package version.
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  # End of the description pass; the detection logic below is not reached.
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

# Detection pass: compare the installed python-celery RPM against the fixed
# build named in FEDORA-2022-1dae017601 (CVE-2021-23727).
#
# Scope caveat: this is a package-version check. It only sees what was
# collected for the host's RPM list. A Celery copy installed another way
# (e.g. pip or a virtualenv) is presumably not covered, so verify such
# installs separately.
release = rpm_get_ssh_release();

# No release string collected for this host: nothing to evaluate.
if(!release)
  exit(0);

# The advisory covers Fedora 35 only; any other release is out of scope.
if(release != "FC35")
  exit(0);

res = "";
report = "";

# The rpm argument reads name~version~release. isrpmvuln() is expected to
# return report text when the installed build is older than this fixed build,
# and NULL otherwise.
res = isrpmvuln(pkg:"python-celery", rpm:"python-celery~5.2.3~2.fc35", rls:"FC35");
if(!isnull(res))
  report += res;

# An outdated package was found: report it and stop.
if(report != "") {
  security_message(data:report);
  exit(0);
}

# __pkg_match comes from the included package library. It presumably means
# the package is installed but not outdated. exit(99) records the host as
# not affected; a plain exit(0) leaves the result undetermined.
if(__pkg_match)
  exit(99);

exit(0);
