It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
CVSS Details
- CVSS 3.1 Base Score: 10
- CVSS 3.1 Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Covered by Rapid7
| Product | Vendor Advisory | Solution File | Added | Published |
|---|---|---|---|---|
| Debian | debian-upgrade-redis | Feb 23, 2022 | Feb 18, 2022 | |
| Redislabs Redis | redislabs-redis-upgrade-latest | Apr 17, 2026 | Feb 18, 2022 | |
| Ubuntu | ubuntu-upgrade-redisubuntu-upgrade-redis-server | Mar 8, 2022 | Feb 18, 2022 |
Prioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub