3308 matches found
Redis Lua Sandbox Escape Exploit
This Metasploit module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary...
redis -- Multiple vulnerabilities
Aviv Yahav reports: CVE-2022-24735: By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the potentially higher privileges of another Redis user. CVE-2022-24736: An attacker attempting to load a specially craft...
Redis Lua Sandbox Escape
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Redis Lua Sandbox Escape', 'Description' = %q This module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was...
Critical Photon OS Security Update - PHSA-2022-3.0-0386
Updates of 'lua' packages of Photon OS have been released...
Critical Photon OS Security Update - PHSA-2022-4.0-0173
Updates of 'sendmail', 'lua' packages of Photon OS have been released...
Critical Photon OS Security Update - PHSA-2022-0386
Updates of 'lua' packages of Photon OS have been released...
Critical Photon OS Security Update - PHSA-2022-0173
Updates of 'sendmail', 'lua' packages of Photon OS have been released...
Lua buffer overflow vulnerability (CNVD-2022-31843)
Lua is a lightweight, extensible open source scripting language from the Lua team. A buffer error vulnerability exists in Lua 5.4.4 and earlier, which stems from the lack of a specific luaK_exp2anyregup call in singlevar in lparser.c, resulting in an overread of the heap-based buffer, which...
CVE-2022-29266
In Apache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information...
Information disclosure
In Apache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information...
CVE-2022-29266
Apache APISIX prior to 3.13.1 is affected by an information-disclosure issue in the jwt-auth plugin. The error message returned by the dependency lua-resty-jwt can leak the user’s secret key, enabling leakage of sensitive credentials. Affected product: Apache APISIX (jwt-auth plugin); vulnerable ...
CVE-2022-29266 apisix/jwt-auth may leak secrets in error response
In Apache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information...
CLSA-2022-1650377152 Fix CVE(s): CVE-2020-11724
SECURITY UPDATE: HTTP request smuggling in Lua module - debian/modules/nginx-lua: Fix parsing HTTP headers in the ngx.location.capture API porting an upstream patch 9ab38e8ee35fc08a57636b1b6190dca70b0076fa from https://github.com/openresty/lua-nginx-module - CVE-2020-11724...
Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.
...
USN-5371-1 nginx vulnerabilities
It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue was fixed for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-11724 It was discovered that nginx Lua module mishandled certain input...
CVE-2022-28805
A heap buffer-overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code present in the lparser.c function of Lua that allows the execution of untrusted Lua code into a system, resulting in malicious activity...
CVE-2021-43519 affecting package lua for versions less than 5.4.3-1
CVE-2021-43519 affecting package lua for versions less than 5.4.3-1. A patched version of the package is available...
CVE-2020-15888 affecting package lua for versions less than 5.3.5-11
CVE-2020-15888 affecting package lua for versions less than 5.3.5-11. A patched version of the package is available...