CVE-2020-11981
CRITICAL9.8EPSS 91.6%Command injection via Celery broker in Apache Airflow
Published: 7/27/2020Modified: 4/3/2025
Description
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.
Affected packages (3)
- Bitnami/airflowfrom 0, < 1.10.11
- PyPI/apache-airflowfrom 0, < 1.10.11rc1
- PyPI/apache-airflowfrom 0, < 1.10.11rc1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (8)
- ADVISORYhttps://github.com/advisories/GHSA-976r-qfjj-c24w
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-11981
- PATCHhttps://github.com/apache/airflow
- WEBhttps://github.com/apache/airflow/commit/1dda6fdde7c6bcaf0d6534786beeeba868006dd2
- WEBhttps://github.com/apache/airflow/commit/afa4b11fddfdbadb048f742cf66d5c21c675a5c8
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-15.yaml
- WEBhttps://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E
- WEBhttps://web.archive.org/web/20220427031325/https://issues.apache.org/jira/browse/AIRFLOW-6351