Bug ID | 1198952 |
---|---|
Summary | VUL-0: CVE-2022-24735: redis: Lua code injection |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 15.3 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | danilo.spinella@suse.com |
Reporter | Andreas.Stieger@gmx.de |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |

In Redis before 6.2.7, by exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the (potentially higher) privileges of another Redis user.

References: https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES