CVE-2024-31227

Published Oct 7, 2024

Last updated a month ago

CVSS medium 4.4

Overview

Description
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.4
Impact score
3.6
Exploitability score
0.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-20

Social media

Hype score
Not currently trending

  1. Actively exploited CVE : CVE-2024-31227

    @transilienceai

    30 Oct 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2024-31227

    @transilienceai

    29 Oct 2024

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2024-31227

    @transilienceai

    25 Oct 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2024-31227

    @transilienceai

    20 Oct 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2024-31227

    @transilienceai

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

References