Vulnerability in Apache Software Foundation Airflow
CVE-2020-11981
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbi…
EPSS: 0.916 (99.7th percentile)
Affected products
- Apache Software Foundation Airflow — versions 1.10.10 and below
Frequently asked questions
- What is CVE-2020-11981?
  CVE-2020-11981 is a vulnerability in Apache Software Foundation Airflow. Published 2020-07-16.
- Is CVE-2020-11981 known to be exploited?
  12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.