CVE-2024-46981
CVSS 3.1 Score 7.0 of 10 (high)
Details
Published Jan 6, 2025
CWE ID 416
Summary
CVE-2024-46981 is a security vulnerability affecting Redis, an in-memory database. It allows an authenticated user to run a malicious Lua script that manipulates the garbage collector, potentially resulting in remote code execution. Redis versions 7.4.2, 7.2.7, and 6.2.17 fix this vulnerability. As a workaround, access control lists (ACLs) can restrict the EVAL and EVALSHA commands, which prevents users from running Lua scripts and mitigates the risk of exploitation.
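The following added example (not part of the original advisory or the Redis project) classifies a server version against the fixed releases named in the summary, reading the version from `INFO server` output. The function names and the sample output are assumptions made for illustration, and release lines the summary does not mention are reported as `unknown` rather than guessed.

```shell
#!/bin/sh
# Added example: triage a Redis version for CVE-2024-46981 using only the
# fixed releases stated in the summary (7.4.2, 7.2.7, 6.2.17).

# Read `INFO server` output on stdin and print the redis_version value.
# Redis terminates INFO lines with CRLF, so carriage returns are stripped first.
version_from_info() {
    tr -d '\r' | sed -n 's/^redis_version:\(.*\)$/\1/p' | head -n 1
}

# Print "patched", "vulnerable" or "unknown" for a version string X.Y.Z.
redis_cve_2024_46981_status() {
    ver=$1
    # Accept only digits and single dots; anything else is not classifiable.
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                      # split X.Y.Z into $1 $2 $3
    IFS=$old_ifs
    [ $# -eq 3 ] || { echo unknown; return 0; }
    # First fixed patch level per release line, taken from the summary.
    case "$1.$2" in
        7.4) fixed=2 ;;
        7.2) fixed=7 ;;
        6.2) fixed=17 ;;
        *)   echo unknown; return 0 ;;   # summary names no fix for this line
    esac
    if [ "$3" -ge "$fixed" ]; then echo patched; else echo vulnerable; fi
}

# Constructed sample of `redis-cli INFO server` output (not from a real host).
sample_info=$(printf '# Server\r\nredis_version:7.2.4\r\nredis_mode:standalone\r\n')
v=$(printf '%s\n' "$sample_info" | version_from_info)
echo "redis $v: $(redis_cve_2024_46981_status "$v")"

# For a host reported as vulnerable that cannot be upgraded yet, the summary's
# workaround is an ACL rule that denies both commands to a user, for example:
#   ACL SETUSER <user> -eval -evalsha      (<user> is a placeholder)
```

On a live host, pipe `redis-cli INFO server` into `version_from_info` in place of the constructed sample.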
Affected Products
- Redis
Affected Vendors
- Redis Inc.