CVE-2020-11982

CVE-2020-11982

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker.

Source: CVE-2020-11982

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다