CVE List

CVE-2020-11981

Severe 9.8

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.

Published July 17, 2020.

Affected software

Get alerts for Apache Airflow

Reference links