- Description
- Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround that mitigates the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done by using ACLs to restrict the EVAL and EVALSHA commands.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7
- Impact score
- 5.9
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-416
- Hype score
- Not currently trending
Critical vulnerabilities in Redis server allow DoS and RCE CVE-2024-51741 CVE-2024-46981 https://t.co/48klAvZlN0 https://t.co/M2N6ARxFHr
@elhackernet
9 Jan 2025
2591 Impressions
3 Retweets
7 Likes
0 Bookmarks
0 Replies
0 Quotes
#Vulnerability #CVE202446981 CVE-2024-51741 and CVE-2024-46981: Redis Flaws Expose Millions to DoS and RCE Risks https://t.co/aG6B3yy04H
@Komodosec
8 Jan 2025
45 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Threat Alert: CVE-2024-51741 and CVE-2024-46981: Redis Flaws Expose Millions to DoS and RCE Ri CVE-2024-51741 CVE-2024-46981 Severity: ⚠️ Critical Maturity: 💢 Emerging Learn more: https://t.co/1KpoHxpE9W #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
8 Jan 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Redis was affected by CVE-2024-51741 and CVE-2024-46981 https://t.co/sja0E3FSCZ
@WhalersLtd
7 Jan 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Redis was affected by CVE-2024-51741 and CVE-2024-46981 #Redis #CVE-2024-51741 #CVE-2024-46981 https://t.co/9YuIhmncqN
@pravin_karthik
7 Jan 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[Caution] Redis vulnerabilities (CVE-2024-51741, CVE-2024-46981): apply the security patch https://t.co/IRINL7AucR
@virusmyths
7 Jan 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
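Remote code execution (RCE) vulnerability in Redis. CVE-2024-46981 has a CVSS score of 7.0; RCE is possible by manipulating the garbage collector from a crafted Lua script. Fixes are available for the 6.2, 7.2, and 7.4 branches. The mitigation is to restrict both the EVAL and EVALSHA commands via ACL. https://t.co/n16FmWQYxM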
@__kokumoto
7 Jan 2025
804 Impressions
3 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2024-51741 and CVE-2024-46981: Redis Flaws Expose Millions to DoS and RCE Risks https://t.co/9CcFm0J5eb
@Dinosn
7 Jan 2025
2520 Impressions
10 Retweets
34 Likes
12 Bookmarks
0 Replies
0 Quotes
🚨🚨Redis Flaws Expose Millions to DoS and RCE Risks CVE-2024-46981: Redis' Lua library commands may lead to remote code execution CVE-2024-51741: Redis allows denial-of-service due to malformed ACL selectors ZoomEye Dork👉app="Redis" 3m+ results are found on ZoomEye. ZoomEye…
@zoomeye_team
7 Jan 2025
674 Impressions
3 Retweets
9 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2024-46981 Remote Code Execution in Redis via Crafting Lua Scripts Redis is an open-source database that stores data in-memory and saves it on disk. Authenticated users might use a crafted Lua script to contr... https://t.co/ZtrDaOUiy3
@VulmonFeeds
7 Jan 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-51741 and CVE-2024-46981: Redis Flaws Expose Millions to #DoS and #RCE Risks Protect your #Redis database from vulnerabilities. Learn about the risks of CVE-2024-51741 and CVE-2024-46981 and how to mitigate them https://t.co/KrHJZPFOrl
@the_yellow_fall
7 Jan 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes