{"containers":{"cna":{"affected":[{"product":"Apache Airflow","vendor":"Apache Software Foundation","versions":[{"status":"affected","version":"1.10.10 and below"}]}],"descriptions":[{"lang":"en","value":"An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands."}],"problemTypes":[{"descriptions":[{"description":"Remote Code Execution","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2020-07-16T23:21:18.000Z","orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache"},"references":[{"tags":["x_refsource_MISC"],"url":"https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@apache.org","ID":"CVE-2020-11981","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Apache Airflow","version":{"version_data":[{"version_value":"1.10.10 and below"}]}}]},"vendor_name":"Apache Software Foundation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Remote Code Execution"}]}]},"references":{"reference_data":[{"name":"https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E","refsource":"MISC","url":"https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T11:48:57.081Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E"}]}]},"cveMetadata":{"assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","assignerShortName":"apache","cveId":"CVE-2020-11981","datePublished":"2020-07-16T23:21:18.000Z","dateReserved":"2020-04-21T00:00:00.000Z","dateUpdated":"2024-08-04T11:48:57.081Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}