10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.019 Low
EPSS
Percentile
86.9%
Redis is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.
A flaw was discovered in redis that could allow an authenticated user, who
was able to use the EVAL command to run Lua code, to break out of the Lua
sandbox and execute arbitrary code on the system. (CVE-2015-4335)
All users of redis are advised to upgrade to these updated packages, which
correct this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | x86_64 | redis-debuginfo | < 2.8.21-1.el7ost | redis-debuginfo-2.8.21-1.el7ost.x86_64.rpm |
RedHat | 7 | x86_64 | redis | < 2.8.21-1.el7ost | redis-2.8.21-1.el7ost.x86_64.rpm |