← voltar
CVE-2011-4356

CVE-2011-4356

EPSS 0.3%
Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving crafted code that is executed by the worker process.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://secunia.com/advisories/46973https://github.com/ask/celery/blob/master/docs/sec/CELERYSA-0001.txthttps://github.com/ask/celery/pull/544http://www.securityfocus.com/bid/50825