CVE-2024-46981 – Redis Lua Scripting Remote Code Execution Vulnerability

1月 6, 2025
11:17 pm

CVE ID : CVE-2024-46981

Published : Jan. 6, 2025, 10:15 p.m. | 1 hour, 2 minutes ago

Description : Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.

Severity: 7.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-46981 – Redis Lua Scripting Remote Code Execution Vulnerability

Elvescore.io

Recent Posts

CVE-2024-11816 – WordPress WP Extended Remote Code Execution (RCE)

CVE-2024-11916 – “WordPress Toolkit WP Extended Code Injection Vulnerability”

CVE-2024-12112 – WordPress Easy Form Builder Stored Cross-Site Scripting

CVE-2024-12521 – WordPress Slotti Ajanvaraus Stored Cross-Site Scripting Vulnerability

CVE-2024-12713 – WordPress SureForms Information Exposure

CVE-2024-54121 – Oracle Ability Startup Control Denial of Service Vulnerability

CVE-2024-46981 – Redis Lua Scripting Remote Code Execution Vulnerability

CVE-2024-46981 – Redis Lua Scripting Remote Code Execution Vulnerability