CVE-2020-11981: OS Command Injection
An issue was found in Apache Airflow. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.
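The precondition above is that someone other than Airflow can connect to the broker. The following added example (not from the original advisory or the Airflow project) audits a Celery broker URL, such as the `broker_url` value in Airflow's `[celery]` configuration section, for missing credentials, default RabbitMQ credentials and plaintext transport. The function name and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Broker URL schemes as used by Celery; rediss:// and amqps:// are the TLS variants.
PLAINTEXT = {"redis", "amqp", "pyamqp"}
TLS = {"rediss", "amqps"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def audit_broker_url(url):
    """Return a list of findings for one broker URL (empty list = nothing flagged)."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname or ""
    if scheme not in PLAINTEXT | TLS:
        return [f"unrecognised broker scheme {scheme!r}: review manually"]
    findings = []
    if not parts.password:
        # No secret in the URL: the broker may accept any client that can reach it.
        findings.append("no password in URL: broker may accept unauthenticated clients")
    elif (scheme in {"amqp", "pyamqp", "amqps"}
          and parts.username == "guest" and parts.password == "guest"):
        findings.append("RabbitMQ default guest/guest credentials")
    if scheme in PLAINTEXT and host not in LOOPBACK:
        # Credentials and task messages cross the network unencrypted.
        findings.append("plaintext transport to a non-loopback broker")
    return findings


# Constructed sample values, not taken from any real deployment.
SAMPLES = [
    "redis://broker.internal:6379/0",
    "rediss://:s3cret@broker.internal:6380/0",
    "amqp://guest:guest@localhost:5672//",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        host = urlsplit(sample).hostname  # avoid echoing credentials
        print(host, audit_broker_url(sample) or ["ok"])
```

A clean result only covers what the URL shows; whether the broker port is reachable from outside the scheduler and worker hosts still has to be checked at the network layer.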