CVE-2020-11981
CRITICAL 9.8 | EPSS 91.6% | Command injection via Celery broker in Apache Airflow
Published: 2020/7/27 | Modified: 2025/4/3
Description
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.
Affected packages (3)
- Bitnami/airflow: from 0, < 1.10.11
- PyPI/apache-airflow: from 0, < 1.10.11rc1
- PyPI/apache-airflow: from 0, < 1.10.11rc1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (8)
- ADVISORY: https://github.com/advisories/GHSA-976r-qfjj-c24w
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2020-11981
- PATCH: https://github.com/apache/airflow
- WEB: https://github.com/apache/airflow/commit/1dda6fdde7c6bcaf0d6534786beeeba868006dd2
- WEB: https://github.com/apache/airflow/commit/afa4b11fddfdbadb048f742cf66d5c21c675a5c8
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-15.yaml
- WEB: https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E
- WEB: https://web.archive.org/web/20220427031325/https://issues.apache.org/jira/browse/AIRFLOW-6351