Описание
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-4335
- https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411
- https://groups.google.com/forum/#!msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ
- https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ
- https://security.gentoo.org/glsa/201702-16
- http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html
- http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html
- http://rhn.redhat.com/errata/RHSA-2015-1676.html
- http://www.debian.org/security/2015/dsa-3279
- http://www.openwall.com/lists/oss-security/2015/06/04/12
- http://www.openwall.com/lists/oss-security/2015/06/04/8
- http://www.openwall.com/lists/oss-security/2015/06/05/3
- http://www.securityfocus.com/bid/75034
EPSS
CVE ID
Связанные уязвимости
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to ex ...
Уязвимость системы управления базами данных Redis, позволяющая нарушителю выполнить произвольный Lua-байт-код
EPSS