Redis EVAL Lua Sandbox Escape

critical Nessus Plugin ID 111108

Synopsis

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.

Solution

Update to Redis 3.0.2 or later.

See Also

http://www.nessus.org/u?d07c07d6

Plugin Details

Severity: Critical

ID: 111108

File Name: redis_lua_sandbox_bypass.nasl

Version: 1.4

Type: remote

Family: Misc.

Published: 4/30/2018

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:pivotal_software:redis

Required KB Items: Host/local_checks_enabled

Patch Publication Date: 9/6/2015

Vulnerability Publication Date: 9/6/2015