CVE-2020-11981
Command injection via Celery broker in Apache Airflow
9.8
CRITICAL
CVSS 3.1
EPSS 91.6%
Description
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, the worker executes whatever command a task message on the Celery broker carries. An attacker who can connect to the broker (Redis, RabbitMQ) directly can therefore enqueue a crafted message and have the Celery worker run arbitrary OS commands. No Airflow credentials are needed; the only precondition is network access to the broker.
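The following Python is an added illustration and is not Apache Airflow's own code. It models the worker-side allowlist check that 1.10.11 introduced (a prefix check on the incoming argv list) with the pre-fix behaviour beside it, and feeds both a legitimate and a constructed attacker message to each variant. The task invocation shape `airflow run <dag_id> <task_id> <execution_date>` is assumed from the 1.10.x CLI; the sample messages, the recording runner and the `demo` function are constructed for this example.

```python
"""Stand-alone model of the CVE-2020-11981 fix pattern (constructed example, not Airflow code).

Airflow <= 1.10.10 passed the argv list carried in a Celery task message straight
to a subprocess. The 1.10.11 fix added a prefix check so a worker only executes
messages that are genuine "airflow run ..." invocations.
"""
import subprocess
from typing import Callable, Dict, List, Sequence

# Assumption for this example: in the 1.10.x CLI a task is launched as
# "airflow run <dag_id> <task_id> <execution_date> ...", so that is the only
# accepted prefix.
EXPECTED_PREFIX: List[str] = ["airflow", "run"]

# Constructed sample messages, standing in for what a worker pulls off the broker.
LEGIT_MESSAGE: List[str] = ["airflow", "run", "example_dag", "task_1", "2020-07-01T00:00:00"]
INJECTED_MESSAGE: List[str] = ["sh", "-c", "echo injected"]  # constructed attacker-written message

Runner = Callable[[List[str]], None]


def validate_command(command_to_exec: Sequence[str]) -> List[str]:
    """Return command_to_exec as a list if it is an 'airflow run' call, else raise ValueError."""
    if not isinstance(command_to_exec, (list, tuple)) or not all(
        isinstance(arg, str) for arg in command_to_exec
    ):
        raise ValueError("command must be a list of strings, not a shell string")
    argv = list(command_to_exec)
    if argv[: len(EXPECTED_PREFIX)] != EXPECTED_PREFIX:
        raise ValueError(f"command must start with {EXPECTED_PREFIX!r}, got {argv[:2]!r}")
    return argv


def is_accepted(command_to_exec) -> bool:
    """True if validate_command would let the message through to execution."""
    try:
        validate_command(command_to_exec)
        return True
    except ValueError:
        return False


def execute_command_vulnerable(command_to_exec, run: Runner) -> None:
    """Pre-1.10.11 behaviour: whatever argv arrived on the broker is executed."""
    run(list(command_to_exec))


def execute_command_fixed(command_to_exec, run: Runner) -> None:
    """1.10.11 behaviour: the message is validated before anything is executed."""
    run(validate_command(command_to_exec))


def real_runner(argv: List[str]) -> None:
    """Production-style runner (not used by demo): execute argv as a list, never via a shell."""
    subprocess.run(argv, check=True, close_fds=True)


def demo() -> Dict[str, list]:
    """Feed the two sample messages to both worker variants, recording argv instead of executing."""
    outcome: Dict[str, list] = {"vulnerable": [], "fixed": [], "rejected": []}

    def recorder(label: str) -> Runner:
        return lambda argv: outcome[label].append(argv)

    for message in (LEGIT_MESSAGE, INJECTED_MESSAGE):
        execute_command_vulnerable(message, run=recorder("vulnerable"))
        try:
            execute_command_fixed(message, run=recorder("fixed"))
        except ValueError as exc:
            outcome["rejected"].append(str(exc))
    return outcome


if __name__ == "__main__":
    for label, entries in demo().items():
        print(f"{label}: {entries}")
```

The vulnerable variant runs both messages; the fixed variant runs only the `airflow run` one and rejects the injected `sh -c` message before any process is spawned. The check narrows what a worker will execute, but it is not a substitute for securing the broker itself: anyone who can still reach the broker can enqueue well-formed `airflow run` messages for tasks of their choosing, so broker authentication and network isolation remain necessary alongside the upgrade.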
How to fix CVE-2020-11981
To remediate CVE-2020-11981, upgrade Apache Airflow to a version that contains the fix. The fix first shipped in the release candidate 1.10.11rc1; the fixed stable release is 1.10.11.
- upgrade to 1.10.11 or later
- upgrade to 1.10.11rc1 or later (pre-release of the same fix)
- upgrade to 1.10.11rc1 or later (pre-release of the same fix)
Until the upgrade is complete, restrict network access to the Celery broker (Redis, RabbitMQ) to the scheduler and worker hosts and require broker authentication, since exploitation requires a direct connection to the broker.
Is CVE-2020-11981 being exploited?
Likely. EPSS estimates a 91.6% probability of exploitation activity within the next 30 days, placing CVE-2020-11981 in the top tier of vulnerabilities by exploitation probability. Prioritise patching, and treat any deployment whose Celery broker is reachable without authentication or from untrusted networks as exposed.
Affected packages (3)
- all versions from 0 up to, but not including, 1.10.11
- all versions from 0 up to, but not including, 1.10.11rc1
- all versions from 0 up to, but not including, 1.10.11rc1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | CRITICAL 9.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |