{"id":"CVE-2011-4356","details":"Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving crafted code that is executed by the worker process.","aliases":["GHSA-rpc6-h455-3rx5","PYSEC-2011-17"],"modified":"2026-04-10T03:42:04.848217Z","published":"2011-12-05T11:55:07Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/46973"},{"type":"FIX","url":"https://github.com/ask/celery/blob/master/docs/sec/CELERYSA-0001.txt"},{"type":"FIX","url":"https://github.com/ask/celery/pull/544"},{"type":"WEB","url":"http://www.securityfocus.com/bid/50825"}],"schema_version":"1.7.5"}