CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-11981

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.9

EPSS Ranking 99.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2020-11981

Apache » Airflow » Version: N/A

cpe:2.3:a:apache:airflow:-
Apache » Airflow » Version: 0.1

cpe:2.3:a:apache:airflow:0.1
Apache » Airflow » Version: 0.2

cpe:2.3:a:apache:airflow:0.2
Apache » Airflow » Version: 0.2.1

cpe:2.3:a:apache:airflow:0.2.1
Apache » Airflow » Version: 0.2.2

cpe:2.3:a:apache:airflow:0.2.2
Apache » Airflow » Version: 0.2.3

cpe:2.3:a:apache:airflow:0.2.3
Apache » Airflow » Version: 0.3

cpe:2.3:a:apache:airflow:0.3
Apache » Airflow » Version: 0.3.1

cpe:2.3:a:apache:airflow:0.3.1
Apache » Airflow » Version: 0.3.2

cpe:2.3:a:apache:airflow:0.3.2
Apache » Airflow » Version: 0.4

cpe:2.3:a:apache:airflow:0.4
Apache » Airflow » Version: 0.4.1

cpe:2.3:a:apache:airflow:0.4.1
Apache » Airflow » Version: 0.4.2

cpe:2.3:a:apache:airflow:0.4.2
Apache » Airflow » Version: 0.4.3

cpe:2.3:a:apache:airflow:0.4.3
Apache » Airflow » Version: 0.4.5

cpe:2.3:a:apache:airflow:0.4.5
Apache » Airflow » Version: 0.4.6

cpe:2.3:a:apache:airflow:0.4.6
Apache » Airflow » Version: 0.5.0

cpe:2.3:a:apache:airflow:0.5.0
Apache » Airflow » Version: 1.0.0

cpe:2.3:a:apache:airflow:1.0.0
Apache » Airflow » Version: 1.0.1

cpe:2.3:a:apache:airflow:1.0.1
Apache » Airflow » Version: 1.1.0

cpe:2.3:a:apache:airflow:1.1.0
Apache » Airflow » Version: 1.1.1

cpe:2.3:a:apache:airflow:1.1.1
Apache » Airflow » Version: 1.10.0

cpe:2.3:a:apache:airflow:1.10.0
Apache » Airflow » Version: 1.10.1

cpe:2.3:a:apache:airflow:1.10.1
Apache » Airflow » Version: 1.10.10

cpe:2.3:a:apache:airflow:1.10.10
Apache » Airflow » Version: 1.10.2

cpe:2.3:a:apache:airflow:1.10.2
Apache » Airflow » Version: 1.10.5

cpe:2.3:a:apache:airflow:1.10.5
Apache » Airflow » Version: 1.10.6

cpe:2.3:a:apache:airflow:1.10.6
Apache » Airflow » Version: 1.10.7

cpe:2.3:a:apache:airflow:1.10.7
Apache » Airflow » Version: 1.10.8

cpe:2.3:a:apache:airflow:1.10.8
Apache » Airflow » Version: 1.10.9

cpe:2.3:a:apache:airflow:1.10.9
Apache » Airflow » Version: 1.2.0

cpe:2.3:a:apache:airflow:1.2.0
Apache » Airflow » Version: 1.3.0

cpe:2.3:a:apache:airflow:1.3.0
Apache » Airflow » Version: 1.4.0

cpe:2.3:a:apache:airflow:1.4.0
Apache » Airflow » Version: 1.4.1

cpe:2.3:a:apache:airflow:1.4.1
Apache » Airflow » Version: 1.5.0

cpe:2.3:a:apache:airflow:1.5.0
Apache » Airflow » Version: 1.5.1

cpe:2.3:a:apache:airflow:1.5.1
Apache » Airflow » Version: 1.5.2

cpe:2.3:a:apache:airflow:1.5.2
Apache » Airflow » Version: 1.6.0

cpe:2.3:a:apache:airflow:1.6.0
Apache » Airflow » Version: 1.6.1

cpe:2.3:a:apache:airflow:1.6.1
Apache » Airflow » Version: 1.6.2

cpe:2.3:a:apache:airflow:1.6.2
Apache » Airflow » Version: 1.7.0

cpe:2.3:a:apache:airflow:1.7.0
Apache » Airflow » Version: 1.7.1

cpe:2.3:a:apache:airflow:1.7.1
Apache » Airflow » Version: 1.7.1.1

cpe:2.3:a:apache:airflow:1.7.1.1
Apache » Airflow » Version: 1.7.1.2

cpe:2.3:a:apache:airflow:1.7.1.2
Apache » Airflow » Version: 1.7.1.3

cpe:2.3:a:apache:airflow:1.7.1.3
Apache » Airflow » Version: 1.8.0

cpe:2.3:a:apache:airflow:1.8.0
Apache » Airflow » Version: 1.8.1

cpe:2.3:a:apache:airflow:1.8.1
Apache » Airflow » Version: 1.8.2

cpe:2.3:a:apache:airflow:1.8.2
Apache » Airflow » Version: 1.9.0

cpe:2.3:a:apache:airflow:1.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-11981

Products

Pricing

Contact Us