Moderate severity · NVD Advisory · Published Dec 5, 2011 · Updated Jun 16, 2026

CVE-2011-4356

Description

Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving crafted code that is executed by the worker process.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package (ecosystem)   Affected versions      Patched versions
celery (PyPI)         >= 2.1.0, < 2.2.8      2.2.8
celery (PyPI)         >= 2.3.0, < 2.3.4      2.3.4
celery (PyPI)         >= 2.4.0, < 2.4.4      2.4.4

Affected products

    • cpe:2.3:a:celeryproject:celery:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:celeryproject:celery:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:celeryproject:celery:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:celeryproject:celery:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:celeryproject:celery:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:celeryproject:celery:2.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:celeryproject:celery:2.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:celeryproject:celery:2.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:celeryproject:celery:2.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:celeryproject:celery:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:celeryproject:celery:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:celeryproject:celery:2.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:celeryproject:celery:2.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:celeryproject:celery:2.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:celeryproject:celery:2.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:celeryproject:celery:2.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:celeryproject:celery:2.4.3:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 2.1.0, < 2.2.8
