CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2021-23727 – Stored Command Injection
https://notcve.org/view.php?id=CVE-2021-23727
This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. Esto afecta al paquete celery versiones anteriores a 5.2.2. • https://github.com/celery/celery/blob/master/Changelog.rst%23522 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYXRGHWHD2WWMHBWCVD5ULVINPKNY3P5 https://snyk.io/vuln/SNYK-PYTHON-CELERY-2314953 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.9EPSS: 0%CPEs: 17EXPL: 0CVE-2011-4356
https://notcve.org/view.php?id=CVE-2011-4356
Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving crafted code that is executed by the worker process. Celery v2.1 y v2.2 antes de v2.2.8, v2.3 antes de v2.3.4 y v2.4 antes de v2.4.4 cambia el id efectivo pero no el id real durante el procesamiento de los argumentos --uid y --gid a celerybeat, celeryd_detach, celeryd multi y celeryev, lo que permite a usuarios locales conseguir privilegios a través de vectores que implican código diseñado especificamente para este fin que es ejecutado por el proceso de trabajo. • http://secunia.com/advisories/46973 http://www.securityfocus.com/bid/50825 https://github.com/ask/celery/blob/master/docs/sec/CELERYSA-0001.txt https://github.com/ask/celery/pull/544 • CWE-264: Permissions, Privileges, and Access Controls •