CVE-2021-23727

CVE-2021-23727 affects Celery before 5.2.2. An attacker who can access or manipulate task metadata stored in a backend could trigger a stored command injection by deserializing backend metadata. Documented impact is remote command execution when the backend data can be crafted or intercepted by a...

CVE-2011-4356

CVE-2011-4356 affects Celery versions 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4. The issue changes the effective user/group id during processing of the --uid and --gid arguments for celerybeat, celeryd_detach, celeryd-multi, and celeryev, while preserving the real id, enabl...