Name | redis_sandbox_escape_rce |
CVE | CVE-2022-0543 |
Exploit Pack | CANVAS |
Description | redis_sandbox_escape_rce |
Notes | CVE Name: CVE-2022-0543 NOTES: Redis an open source, in memory data structure store, is vulnerable to a lua sandbox escape. The vulnerability occurs due to the lua library being provided as a dynamic library (Debian-specific). An attacker can leverage this to escape sandbox restrictions and access arbitrary lua functionality. Fixed in versions redis/5:6.0.16-1+deb11u2, redis/5:5.0.14-1+deb10u2, redis/5:6.0.16-2, redis/5:7.0~rc2-2. Tested against: - 5.0.7 CVE Url: https://nvd.nist.gov/vuln/detail/CVE-2022-0543 CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Date public: 02/18/2022 |
Learn more about the CANVAS Exploit Pack here: CANVAS |