CVE-2020-11981
CVE-2020-11981
Vexday Risk Score
30Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS —EPSS 34.0%KEV nãoPoC —Nuclei simMetasploit —Patch —
Ciclo de vida
16 jul 2020Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.
Productos afectados
Apache Software Foundation · Apache Airflow¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →