Attacker Value
Very High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2015-4335 — Redis EVAL Lua Sandbox Escape

Disclosure Date: June 09, 2015
Exploited In the Wild
Reported by hrbrmstr
Add any MITRE ATT&CK Tactics to the list below that apply to this CVE.

Description

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.

Technical Analysis