
CVE-2021-23727:
OS Command Injection in celery

CVSS Score (v3.1): 7.5

Basic Information

EPSS Score: 0.83011%
Published: 1/6/2022
Updated: 9/6/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name   Ecosystem   Vulnerable Versions   First Patched Version
celery         pip         < 5.2.2               5.2.2

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from the exception_to_python method in the base backend class. The pre-patch code would:

1) Dynamically load any Python class specified in the 'exc_module'/'exc_type' metadata
2) Instantiate it with the user-controlled 'exc_message' arguments

The security fix added critical validation (isinstance(cls, type) and issubclass(cls, BaseException)) to prevent non-exception classes from being instantiated. The commit message and CVE description explicitly reference this function as the injection point when processing manipulated task failure metadata from result stores.
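An added example, not celery's own code, reconstructing the metadata-to-exception step described above with the class check the fix introduced applied before anything is instantiated; the function and sample-record names, the lookup through already-imported modules only, and the UntrustedMetadataError type are assumptions made for this illustration:

```python
import collections  # imported so the constructed Counter sample resolves via sys.modules
import json
import sys
from typing import Any

class UntrustedMetadataError(Exception):
    """Stored failure metadata does not name a usable exception class."""

# Constructed sample records, shaped like the task-failure metadata a result
# backend stores (the exc_module / exc_type / exc_message keys named above).
SAMPLE_REAL_EXCEPTION = {"exc_module": "builtins", "exc_type": "KeyError", "exc_message": ["missing-key"]}
SAMPLE_NON_EXCEPTION_CLASS = {"exc_module": "collections", "exc_type": "Counter", "exc_message": ["abc"]}
SAMPLE_PLAIN_CALLABLE = {"exc_module": "json", "exc_type": "dumps", "exc_message": [{"k": 1}]}
SAMPLE_UNKNOWN_TYPE = {"exc_module": "builtins", "exc_type": "NoSuchError", "exc_message": "boom"}

def _resolve(exc_module: str, exc_type: str) -> Any:
    # Only consult modules that are already imported; never import on behalf of backend data.
    module = sys.modules.get(exc_module)
    if module is None:
        raise UntrustedMetadataError(f"module {exc_module!r} is not loaded")
    try:
        return getattr(module, exc_type)
    except AttributeError:
        raise UntrustedMetadataError(f"{exc_module}.{exc_type} does not exist") from None

def is_exception_class(obj: Any) -> bool:
    # The check the fix introduced: a class object that derives from BaseException.
    return isinstance(obj, type) and issubclass(obj, BaseException)

def exception_from_metadata(meta: dict) -> BaseException:
    """Rebuild an exception from stored metadata, validating before anything is called."""
    cls = _resolve(str(meta["exc_module"]), str(meta["exc_type"]))
    if not is_exception_class(cls):
        # Pre-patch code reached cls(*args) here regardless of what cls actually was.
        raise UntrustedMetadataError(f"{meta['exc_module']}.{meta['exc_type']} is not an exception class")
    msg = meta.get("exc_message", ())
    args = tuple(msg) if isinstance(msg, (list, tuple)) else (msg,)
    return cls(*args)

def classify_record(meta: dict) -> str:
    """Audit helper for stored records: 'accepted: <type>' or 'rejected: <reason>'."""
    try:
        exc = exception_from_metadata(meta)
    except UntrustedMetadataError as err:
        return f"rejected: {err}"
    return f"accepted: {type(exc).__name__}"
```

classify_record can be run over every failure record in an existing result store to find entries that the patched check would refuse to rebuild.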


WAF Protection Rules

WAF Rule

This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or som
