What is CVE-2021-23727?

CVE-2021-23727 is a high-severity vulnerability in Celery. CVSS score: 7.5/10. Published 2021-12-29.

How severe is CVE-2021-23727?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2021-23727 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Celery

CVE-2021-23727

This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access…

EPSS: 0.014 (80.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C.

Affected products

N/a Celery — versions unspecified

Public proof-of-concept exploits

References

snyk.io/vuln/SNYK-PYTHON-CELERY-2314953 (x_refsource_MISC)
github.com/celery/celery/blob/master/Changelog.rst#522 (x_refsource_MISC)
FEDORA-2022-1dae017601 (vendor-advisory, x_refsource_FEDORA)

Frequently asked questions

What is CVE-2021-23727?: CVE-2021-23727 is a high-severity vulnerability in Celery. CVSS score: 7.5/10. Published 2021-12-29.
How severe is CVE-2021-23727?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2021-23727 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.