Attacker Value
Very High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2015-4335 — Redis EVAL Lua Sandbox Escape

Disclosure Date: June 09, 2015
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.

Add Assessment

1
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis

Ben Murphy’s dissection — https://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/ — is pretty thorough.

General Information

Exploited in the Wild

Reported by:
Technical Analysis