Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
{ "binaries": [ { "binary_name": "redis-server", "binary_version": "2:2.8.4-2ubuntu0.2" }, { "binary_name": "redis-server-dbgsym", "binary_version": "2:2.8.4-2ubuntu0.2" }, { "binary_name": "redis-tools", "binary_version": "2:2.8.4-2ubuntu0.2" }, { "binary_name": "redis-tools-dbgsym", "binary_version": "2:2.8.4-2ubuntu0.2" } ], "ubuntu_priority": "medium", "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "redis-sentinel", "binary_version": "2:3.0.6-1" }, { "binary_name": "redis-server", "binary_version": "2:3.0.6-1" }, { "binary_name": "redis-server-dbgsym", "binary_version": "2:3.0.6-1" }, { "binary_name": "redis-tools", "binary_version": "2:3.0.6-1" }, { "binary_name": "redis-tools-dbgsym", "binary_version": "2:3.0.6-1" } ], "ubuntu_priority": "medium", "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "redis", "binary_version": "5:4.0.9-1" }, { "binary_name": "redis-sentinel", "binary_version": "5:4.0.9-1" }, { "binary_name": "redis-server", "binary_version": "5:4.0.9-1" }, { "binary_name": "redis-tools", "binary_version": "5:4.0.9-1" }, { "binary_name": "redis-tools-dbgsym", "binary_version": "5:4.0.9-1" } ], "ubuntu_priority": "medium", "availability": "No subscription required" }