Vulnerability in Celeryproject Celery

CVE-2011-4356

Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, celeryd-multi, and celeryev, which allow…

EPSS: 0.000 (15.0th percentile) — read the EPSS interpretation.

Affected products

Celeryproject Celery — versions 2.1.0, 2.2.0, 2.2.1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

46973 (x_refsource_SECUNIA, third-party-advisory)
50825 (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
secalert@redhat.com (x_refsource_CONFIRM)