CVE-2020-11981

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.
Configurations

Configuration 1

cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*

Information

Published : 2020-07-17 12:15

Updated : 2020-07-24 06:19


NVD link : CVE-2020-11981

Mitre link : CVE-2020-11981

Products Affected
No products.
CWE