CVE-2020-11982
pypi/apache-airflow
Deserialization of Untrusted Data
An issue was found in Apache Airflow. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker.
All versions up to 1.10.10
Upgrade to version 1.10.11 or above.
2020-07-27
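A way to check a deployment against the affected range and executor named above, as an added example that is not part of the advisory or of the Airflow project. It assumes the version is pinned with `==` in a requirements-style file and that the executor is set through `[core] executor` in airflow.cfg or the `AIRFLOW__CORE__EXECUTOR` environment variable; the function names and sample inputs are hypothetical.

```python
import configparser
import re

LAST_AFFECTED = (1, 10, 10)  # advisory: all versions up to 1.10.10
# Assumption: the version is pinned with == in a requirements-style file.
PIN_RE = re.compile(
    r"^\s*apache[-_.]airflow(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)*)", re.I)

def pinned_release(requirements_text):
    """Return the pinned apache-airflow release as a tuple of ints, or None."""
    for line in requirements_text.splitlines():
        m = PIN_RE.match(line.split("#", 1)[0])  # ignore trailing comments
        if m:
            return tuple(int(p) for p in m.group(1).split("."))
    return None

def version_affected(release):
    """True for releases up to and including 1.10.10."""
    padded = release + (0,) * max(0, 3 - len(release))
    return padded <= LAST_AFFECTED

def uses_celery_executor(cfg_text, environ=None):
    """Read [core] executor; AIRFLOW__CORE__EXECUTOR overrides the file."""
    override = (environ or {}).get("AIRFLOW__CORE__EXECUTOR")
    if override is not None:
        return override.strip() == "CeleryExecutor"
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    return cfg.get("core", "executor", fallback="").strip() == "CeleryExecutor"

def assess(requirements_text, cfg_text, environ=None):
    """Classify a deployment against the advisory's version range and executor."""
    release = pinned_release(requirements_text)
    if release is None:
        return "unknown"
    if not version_affected(release):
        return "not-affected"
    if uses_celery_executor(cfg_text, environ):
        return "affected"
    return "affected-version-other-executor"

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_REQUIREMENTS = "celery==4.4.2\napache-airflow[celery]==1.10.9  # pinned\n"
SAMPLE_CFG = ("[core]\nexecutor = CeleryExecutor\n\n"
              "[celery]\nbroker_url = redis://redis.example.internal:6379/0\n")

if __name__ == "__main__":
    print(assess(SAMPLE_REQUIREMENTS, SAMPLE_CFG))
```

A result of `affected-version-other-executor` means the installed version is in the affected range but CeleryExecutor is not configured.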