Moderate severity · NVD Advisory · Published Dec 5, 2011 · Updated Jun 16, 2026
CVE-2011-4356
Description
Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving crafted code that is executed by the worker process.
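The description above turns on the difference between a process's real and effective ids. The following is an added example, not Celery's code and not part of the advisory: a Linux-only sketch of a privilege drop that verifies the real, effective and saved ids all changed. The function names and the uid/gid value 1000 are hypothetical.

```python
import os

NAMES = ("real", "effective", "saved")

def stale_ids(res_ids, target, kind):
    """Name each id in a (real, effective, saved) triple that differs from target."""
    return [f"{n} {kind}" for n, v in zip(NAMES, res_ids) if v != target]

def audit(resuid, resgid, uid, gid):
    """List every id left behind by a drop; an empty list means a complete drop."""
    return stale_ids(resuid, uid, "uid") + stale_ids(resgid, gid, "gid")

def drop_privileges(uid, gid):
    """Permanently switch a root process to uid/gid, then verify the result."""
    os.setgroups([])   # clear supplementary groups inherited from root
    os.setgid(gid)     # group first: after setuid() the process can no longer change it
    os.setuid(uid)     # called as root, this sets real, effective and saved uid
    left = audit(os.getresuid(), os.getresgid(), uid, gid)
    if left:
        raise RuntimeError("incomplete privilege drop: " + ", ".join(left))

# Constructed samples: id triples after an effective-only change and after a full drop.
SAMPLE_PARTIAL = (0, 1000, 0)
SAMPLE_FULL = (1000, 1000, 1000)

if __name__ == "__main__":
    print(audit(SAMPLE_PARTIAL, SAMPLE_PARTIAL, 1000, 1000))
    print(audit(SAMPLE_FULL, SAMPLE_FULL, 1000, 1000))
    # Audit the current process against its own effective ids.
    print(audit(os.getresuid(), os.getresgid(), os.geteuid(), os.getegid()))
```

A non-empty result from `audit` for a running worker means the drop was incomplete.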
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| celery (PyPI) | >= 2.1.0, < 2.2.8 | 2.2.8 |
| celery (PyPI) | >= 2.3.0, < 2.3.4 | 2.3.4 |
| celery (PyPI) | >= 2.4.0, < 2.4.4 | 2.4.4 |
Affected products
- cpe:2.3:a:celeryproject:celery:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:celeryproject:celery:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:celeryproject:celery:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:celeryproject:celery:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:celeryproject:celery:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:celeryproject:celery:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:celeryproject:celery:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:celeryproject:celery:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:celeryproject:celery:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:celeryproject:celery:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:celeryproject:celery:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:celeryproject:celery:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:celeryproject:celery:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:celeryproject:celery:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:celeryproject:celery:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:celeryproject:celery:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:celeryproject:celery:2.4.3:*:*:*:*:*:*:*
References
- github.com/ask/celery/blob/master/docs/sec/CELERYSA-0001.txt (nvd, Patch)
- github.com/advisories/GHSA-rpc6-h455-3rx5 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2011-4356 (ghsa, ADVISORY)
- github.com/celery/celery/blob/master/docs/sec/CELERYSA-0001.txt (ghsa, WEB)
- github.com/celery/celery/commit/53514b158b743678d8993638be5920cd09ccc35c (ghsa, WEB)
- github.com/celery/celery/commit/73388921731a0e6feb28ab0d389c4f7dc4d524f6 (ghsa, WEB)
- github.com/celery/celery/commit/e0767e40994754fe8482bf4ff622c5c6d0b9f671 (ghsa, WEB)
- github.com/celery/celery/pull/544 (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/celery/PYSEC-2011-17.yaml (ghsa, WEB)
- web.archive.org/web/20140722114447/http://secunia.com/advisories/46973 (ghsa, WEB)
- web.archive.org/web/20200305001706/http://www.securityfocus.com/bid/50825 (ghsa, WEB)
- secunia.com/advisories/46973 (nvd)
- www.securityfocus.com/bid/50825 (nvd)
- github.com/ask/celery/pull/544 (nvd)