CVE-2020-11981
published 2020-07-17CVE-2020-11981: An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ)…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | airflow | <= 1.10.10 | — |
| apache_software_foundation | apache_airflow | — | — |