CVE-2020-11981
pypi/apache-airflow
OS Command Injection
An issue was found in Apache Airflow. When using CeleryExecutor
, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.
All versions up to 1.10.10
Upgrade to version 1.10.11 or above.
2020-07-27
source |