CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-11982

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.057

EPSS Ranking 90.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2020-11982

Apache » Airflow » Version: N/A

cpe:2.3:a:apache:airflow:-
Apache » Airflow » Version: 0.1

cpe:2.3:a:apache:airflow:0.1
Apache » Airflow » Version: 0.2

cpe:2.3:a:apache:airflow:0.2
Apache » Airflow » Version: 0.2.1

cpe:2.3:a:apache:airflow:0.2.1
Apache » Airflow » Version: 0.2.2

cpe:2.3:a:apache:airflow:0.2.2
Apache » Airflow » Version: 0.2.3

cpe:2.3:a:apache:airflow:0.2.3
Apache » Airflow » Version: 0.3

cpe:2.3:a:apache:airflow:0.3
Apache » Airflow » Version: 0.3.1

cpe:2.3:a:apache:airflow:0.3.1
Apache » Airflow » Version: 0.3.2

cpe:2.3:a:apache:airflow:0.3.2
Apache » Airflow » Version: 0.4

cpe:2.3:a:apache:airflow:0.4
Apache » Airflow » Version: 0.4.1

cpe:2.3:a:apache:airflow:0.4.1
Apache » Airflow » Version: 0.4.2

cpe:2.3:a:apache:airflow:0.4.2
Apache » Airflow » Version: 0.4.3

cpe:2.3:a:apache:airflow:0.4.3
Apache » Airflow » Version: 0.4.5

cpe:2.3:a:apache:airflow:0.4.5
Apache » Airflow » Version: 0.4.6

cpe:2.3:a:apache:airflow:0.4.6
Apache » Airflow » Version: 0.5.0

cpe:2.3:a:apache:airflow:0.5.0
Apache » Airflow » Version: 1.0.0

cpe:2.3:a:apache:airflow:1.0.0
Apache » Airflow » Version: 1.0.1

cpe:2.3:a:apache:airflow:1.0.1
Apache » Airflow » Version: 1.1.0

cpe:2.3:a:apache:airflow:1.1.0
Apache » Airflow » Version: 1.1.1

cpe:2.3:a:apache:airflow:1.1.1
Apache » Airflow » Version: 1.10.0

cpe:2.3:a:apache:airflow:1.10.0
Apache » Airflow » Version: 1.10.1

cpe:2.3:a:apache:airflow:1.10.1
Apache » Airflow » Version: 1.10.10

cpe:2.3:a:apache:airflow:1.10.10
Apache » Airflow » Version: 1.10.2

cpe:2.3:a:apache:airflow:1.10.2
Apache » Airflow » Version: 1.10.5

cpe:2.3:a:apache:airflow:1.10.5
Apache » Airflow » Version: 1.10.6

cpe:2.3:a:apache:airflow:1.10.6
Apache » Airflow » Version: 1.10.7

cpe:2.3:a:apache:airflow:1.10.7
Apache » Airflow » Version: 1.10.8

cpe:2.3:a:apache:airflow:1.10.8
Apache » Airflow » Version: 1.10.9

cpe:2.3:a:apache:airflow:1.10.9
Apache » Airflow » Version: 1.2.0

cpe:2.3:a:apache:airflow:1.2.0
Apache » Airflow » Version: 1.3.0

cpe:2.3:a:apache:airflow:1.3.0
Apache » Airflow » Version: 1.4.0

cpe:2.3:a:apache:airflow:1.4.0
Apache » Airflow » Version: 1.4.1

cpe:2.3:a:apache:airflow:1.4.1
Apache » Airflow » Version: 1.5.0

cpe:2.3:a:apache:airflow:1.5.0
Apache » Airflow » Version: 1.5.1

cpe:2.3:a:apache:airflow:1.5.1
Apache » Airflow » Version: 1.5.2

cpe:2.3:a:apache:airflow:1.5.2
Apache » Airflow » Version: 1.6.0

cpe:2.3:a:apache:airflow:1.6.0
Apache » Airflow » Version: 1.6.1

cpe:2.3:a:apache:airflow:1.6.1
Apache » Airflow » Version: 1.6.2

cpe:2.3:a:apache:airflow:1.6.2
Apache » Airflow » Version: 1.7.0

cpe:2.3:a:apache:airflow:1.7.0
Apache » Airflow » Version: 1.7.1

cpe:2.3:a:apache:airflow:1.7.1
Apache » Airflow » Version: 1.7.1.1

cpe:2.3:a:apache:airflow:1.7.1.1
Apache » Airflow » Version: 1.7.1.2

cpe:2.3:a:apache:airflow:1.7.1.2
Apache » Airflow » Version: 1.7.1.3

cpe:2.3:a:apache:airflow:1.7.1.3
Apache » Airflow » Version: 1.8.0

cpe:2.3:a:apache:airflow:1.8.0
Apache » Airflow » Version: 1.8.1

cpe:2.3:a:apache:airflow:1.8.1
Apache » Airflow » Version: 1.8.2

cpe:2.3:a:apache:airflow:1.8.2
Apache » Airflow » Version: 1.9.0

cpe:2.3:a:apache:airflow:1.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-11982

Products

Pricing

Contact Us