VDB
CVE-2020-11981
CVE-2020-11981
PUBLISHED
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.
EPSS 91.59% · 99.7th percentile
Risk Scores
EPSS Score
91.59%
99.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | airflow | 0 |
| Bitnami | airflow | 0, 0, 0 |
Exploit Intelligence
- Evillm/CVE-2020-11981-PoC (github-poc-repo)
- Evillm/CVE-2020-11981-PoC (github-poc-repo)
- Evillm/CVE-2020-11981-PoC (github-poc-repo)
- Evillm/CVE-2020-11981-PoC (github-poc-repo)
- Evillm/CVE-2020-11981-PoC (github-poc-repo)
- Evillm/CVE-2020-11981-PoC (github-poc-repo)
- Evillm/CVE-2020-11981-PoC (github-poc-repo)
- Evillm/CVE-2020-11981-PoC (github-poc-repo)
- Evillm/CVE-2020-11981-PoC (github-poc-repo)
- Evillm/CVE-2020-11981-PoC (github-poc)
…and 9 more exploits
Timeline
- Jul 16, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 12, 2023 EPSS Score
- May 19, 2023 EPSS Score
- Jun 8, 2023 EPSS Score
- Apr 17, 2024 EPSS Score
- Aug 4, 2024 CVE Updated