CNNVD-202510-439 Information

CNNVD ID

CNNVD-202510-439

CVE-2025-46818

  • CNNVD Published: 2025-10-03

Description (Chinese)

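Redis is an open-source, log-structured key-value store database from the US company Redis. It is written in ANSI C, supports networking, can run in memory or with persistence, and provides APIs for multiple languages. Redis 8.2.1 and earlier versions contain a code injection vulnerability. The vulnerability arises because an authenticated user is allowed to use a specially crafted Lua script to manipulate different Lua objects, which may lead to arbitrary code running in the context of another user.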

Description (English)

Redis, developed by the US company Redis, is an open-source key-value database written in ANSI C. It is network-capable, log-structured, memory-based with optional persistence, and offers APIs in multiple languages. Redis versions 8.2.1 and earlier have a code injection vulnerability: an authenticated user can use a specially crafted Lua script to manipulate different Lua objects, which could result in arbitrary code being run in another user's context.

Hazard Level

High

Vulnerability Type

Code Injection

Affected Vendor

Redis

Published

2025-10-03

Last Modified

2026-02-24

References

  • https://github.com/redis/redis/commit/45eac0262028c771b6f5307372814b75f49f7a9e
  • https://github.com/redis/redis/releases/tag/8.2.2
  • https://github.com/redis/redis/security/advisories/GHSA-qrv7-wcrx-q5jp
  • https://vigilance.fr/vulnerability/Redis-four-vulnerabilities-dated-03-10-2025-48381

Patch

https://redis.io/
