Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored Command Injection
Vulnerability Description
This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
celery 命令注入漏洞
Vulnerability Description
celery是开源的一个用于分布式任务队列的包。 celery 5.2.2之前版本存在安全漏洞,该漏洞源于软件缺少防护机制,信任存储在后端(结果存储)中的消息和元数据。 从后端读取任务元数据时,数据被反序列化。 鉴于攻击者可以访问或以某种方式操纵 celery 后端中的元数据,他们可能会触发存储命令注入漏洞并有可能进一步访问系统。
CVSS Information
N/A
Vulnerability Type
N/A