Описание
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| redis | fixed | 5:6.0.16-2 | package | |
| redis | not-affected | stretch | package |
Примечания
https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
EPSS
Связанные уязвимости
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
Уязвимость системы управления базами данных (СУБД) Redis операционных систем Debian GNU/Linux, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код
EPSS