Bug ID 1198952
Summary VUL-0: CVE-2022-24735: redis: Lua code injection
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.3
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee danilo.spinella@suse.com
Reporter Andreas.Stieger@gmx.de
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

In Redis before 6.2.7, by exploiting weaknesses in the Lua script execution
environment, an attacker with access to Redis can inject Lua code that will
execute with the (potentially higher) privileges of another Redis user.

References:
https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES


You are receiving this mail because: