{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-46981", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-09-16T16:10:09.018Z", "datePublished": "2025-01-06T21:11:51.687Z", "dateUpdated": "2025-01-06T21:42:29.135Z"}, "containers": {"cna": {"title": "Redis' Lua library commands may lead to remote code execution", "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "lang": "en", "description": "CWE-416: Use After Free", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c"}, {"name": "https://github.com/redis/redis/releases/tag/6.2.17", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/releases/tag/6.2.17"}, {"name": "https://github.com/redis/redis/releases/tag/7.2.7", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/releases/tag/7.2.7"}, {"name": "https://github.com/redis/redis/releases/tag/7.4.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/releases/tag/7.4.2"}], "affected": [{"vendor": "redis", "product": "redis", "versions": [{"version": ">= 7.4.0, < 7.4.2", "status": "affected"}, {"version": ">= 7.2.0, < 7.2.7", "status": "affected"}, {"version": "< 6.2.17", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-01-06T21:11:51.687Z"}, "descriptions": [{"lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands."}], "source": {"advisory": "GHSA-39h2-x6c4-6w4c", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-06T21:41:47.467485Z", "id": "CVE-2024-46981", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-06T21:42:29.135Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-46981", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-06T21:41:47.467485Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-06T21:41:58.543Z"}}], "cna": {"title": "Redis' Lua library commands may lead to remote code execution", "source": {"advisory": "GHSA-39h2-x6c4-6w4c", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "redis", "product": "redis", "versions": [{"status": "affected", "version": ">= 7.4.0, < 7.4.2"}, {"status": "affected", "version": ">= 7.2.0, < 7.2.7"}, {"status": "affected", "version": "< 6.2.17"}]}], "references": [{"url": "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c", "name": "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/redis/redis/releases/tag/6.2.17", "name": "https://github.com/redis/redis/releases/tag/6.2.17", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/redis/redis/releases/tag/7.2.7", "name": "https://github.com/redis/redis/releases/tag/7.2.7", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/redis/redis/releases/tag/7.4.2", "name": "https://github.com/redis/redis/releases/tag/7.4.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416: Use After Free"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-01-06T21:11:51.687Z"}}}, "cveMetadata": {"cveId": "CVE-2024-46981", "state": "PUBLISHED", "dateUpdated": "2025-01-06T21:42:29.135Z", "dateReserved": "2024-09-16T16:10:09.018Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-01-06T21:11:51.687Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands."}], "id": "CVE-2024-46981", "lastModified": "2025-01-06T22:15:09.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-01-06T22:15:09.360", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/redis/redis/releases/tag/6.2.17"}, {"source": "security-advisories@github.com", "url": "https://github.com/redis/redis/releases/tag/7.2.7"}, {"source": "security-advisories@github.com", "url": "https://github.com/redis/redis/releases/tag/7.4.2"}, {"source": "security-advisories@github.com", "url": "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "redis: Redis' Lua library commands may lead to remote code execution", "id": "2336004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336004"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.", "A flaw was found in the Redis server. This flaw allows an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution."], "mitigation": {"lang": "en:us", "value": "A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands."}, "name": "CVE-2024-46981", "package_state": [{"cpe": "cpe:/a:redhat:openshift_lightspeed:0.2", "fix_state": "Affected", "package_name": "openshift-lightspeed-tech-preview/lightspeed-service-api-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp-backend-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp-system-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Will not fix", "package_name": "ansible-tower", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/a:redhat:discovery:1.0::el8", "fix_state": "Affected", "package_name": "discovery-server-container", "product_name": "Red Hat Discovery"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "redis:6/redis", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "redis", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "redis:7/redis", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-azure-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/instructlab-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Affected", "package_name": "io.hawt-hawtio-integration", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2025-01-06T21:11:51Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-46981\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-46981\nhttps://github.com/redis/redis/releases/tag/6.2.17\nhttps://github.com/redis/redis/releases/tag/7.2.7\nhttps://github.com/redis/redis/releases/tag/7.4.2\nhttps://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c"], "statement": "The problem exists in all versions of Redis with Lua scripting.", "threat_severity": "Important"}