CVE-2015-4335 - Vulnerability Details

Vendors	Products
Debian	Debian Linux
Redhat	Openstack
Redislabs	Redis

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7
redis-0:2.8.21-1.el7ost	cpe:/a:redhat:openstack:6::el7	RHSA-2015:1676	2015-08-24T00:00:00Z

Link	Providers
http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html
http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html
http://rhn.redhat.com/errata/RHSA-2015-1676.html
http://www.debian.org/security/2015/dsa-3279
http://www.openwall.com/lists/oss-security/2015/06/04/12
http://www.openwall.com/lists/oss-security/2015/06/04/8
http://www.openwall.com/lists/oss-security/2015/06/05/3
http://www.securityfocus.com/bid/75034
https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411
https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ
https://nvd.nist.gov/vuln/detail/CVE-2015-4335
https://security.gentoo.org/glsa/201702-16
https://www.cve.org/CVERecord?id=CVE-2015-4335

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-06-04T00:00:00", "descriptions": [{"lang": "en", "value": "Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-14T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411"}, {"name": "FEDORA-2015-9498", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html"}, {"name": "[oss-security] 20150604 CVE Request: redis Lua sandbox escape and arbitrary code execution", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/06/04/8"}, {"name": "[oss-security] 20150604 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/06/04/12"}, {"name": "openSUSE-SU-2015:1687", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html"}, {"name": "FEDORA-2015-9488", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html"}, {"name": "RHSA-2015:1676", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1676.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ"}, {"name": "75034", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75034"}, {"name": "[oss-security] 20150605 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/06/05/3"}, {"name": "GLSA-201702-16", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201702-16"}, {"tags": ["x_refsource_MISC"], "url": "http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/"}, {"name": "DSA-3279", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3279"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-4335", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411", "refsource": "CONFIRM", "url": "https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411"}, {"name": "FEDORA-2015-9498", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html"}, {"name": "[oss-security] 20150604 CVE Request: redis Lua sandbox escape and arbitrary code execution", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/06/04/8"}, {"name": "[oss-security] 20150604 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/06/04/12"}, {"name": "openSUSE-SU-2015:1687", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html"}, {"name": "FEDORA-2015-9488", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html"}, {"name": "RHSA-2015:1676", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1676.html"}, {"name": "https://groups.google.com/forum/#!msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ", "refsource": "CONFIRM", "url": "https://groups.google.com/forum/#!msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ"}, {"name": "75034", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75034"}, {"name": "[oss-security] 20150605 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/06/05/3"}, {"name": "GLSA-201702-16", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-16"}, {"name": "http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/", "refsource": "MISC", "url": "http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/"}, {"name": "DSA-3279", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3279"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:11:12.910Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411"}, {"name": "FEDORA-2015-9498", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html"}, {"name": "[oss-security] 20150604 CVE Request: redis Lua sandbox escape and arbitrary code execution", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/06/04/8"}, {"name": "[oss-security] 20150604 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/06/04/12"}, {"name": "openSUSE-SU-2015:1687", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html"}, {"name": "FEDORA-2015-9488", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html"}, {"name": "RHSA-2015:1676", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1676.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ"}, {"name": "75034", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/75034"}, {"name": "[oss-security] 20150605 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/06/05/3"}, {"name": "GLSA-201702-16", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201702-16"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/"}, {"name": "DSA-3279", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3279"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-4335", "datePublished": "2015-06-09T14:00:00", "dateReserved": "2015-06-05T00:00:00", "dateUpdated": "2024-08-06T06:11:12.910Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-06-04T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-08-14T15:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411 (string)

}

1 : { »

name : FEDORA-2015-9498 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html (string)

}

2 : { »

name : [oss-security] 20150604 CVE Request: redis Lua sandbox escape and arbitrary code execution (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2015/06/04/8 (string)

}

3 : { »

name : [oss-security] 20150604 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2015/06/04/12 (string)

}

4 : { »

name : openSUSE-SU-2015:1687 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html (string)

}

5 : { »

name : FEDORA-2015-9488 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html (string)

}

6 : { »

name : RHSA-2015:1676 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-1676.html (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ (string)

}

8 : { »

name : 75034 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/75034 (string)

}

9 : { »

name : [oss-security] 20150605 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2015/06/05/3 (string)

}

10 : { »

name : GLSA-201702-16 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201702-16 (string)

}

11 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/ (string)

}

12 : { »

name : DSA-3279 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2015/dsa-3279 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2015-4335 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411 (string)

refsource : CONFIRM (string)

url : https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411 (string)

}

1 : { »

name : FEDORA-2015-9498 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html (string)

}

2 : { »

name : [oss-security] 20150604 CVE Request: redis Lua sandbox escape and arbitrary code execution (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2015/06/04/8 (string)

}

3 : { »

name : [oss-security] 20150604 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2015/06/04/12 (string)

}

4 : { »

name : openSUSE-SU-2015:1687 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html (string)

}

5 : { »

name : FEDORA-2015-9488 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html (string)

}

6 : { »

name : RHSA-2015:1676 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1676.html (string)

}

7 : { »

name : https://groups.google.com/forum/#!msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ (string)

refsource : CONFIRM (string)

url : https://groups.google.com/forum/#!msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ (string)

}

8 : { »

name : 75034 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/75034 (string)

}

9 : { »

name : [oss-security] 20150605 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2015/06/05/3 (string)

}

10 : { »

name : GLSA-201702-16 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201702-16 (string)

}

11 : { »

name : http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/ (string)

refsource : MISC (string)

url : http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/ (string)

}

12 : { »

name : DSA-3279 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2015/dsa-3279 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T06:11:12.910Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411 (string)

}

1 : { »

name : FEDORA-2015-9498 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html (string)

}

2 : { »

name : [oss-security] 20150604 CVE Request: redis Lua sandbox escape and arbitrary code execution (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2015/06/04/8 (string)

}

3 : { »

name : [oss-security] 20150604 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2015/06/04/12 (string)

}

4 : { »

name : openSUSE-SU-2015:1687 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html (string)

}

5 : { »

name : FEDORA-2015-9488 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html (string)

}

6 : { »

name : RHSA-2015:1676 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-1676.html (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ (string)

}

8 : { »

name : 75034 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/75034 (string)

}

9 : { »

name : [oss-security] 20150605 Re: CVE Request: redis Lua sandbox escape and arbitrary code execution (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2015/06/05/3 (string)

}

10 : { »

name : GLSA-201702-16 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201702-16 (string)

}

11 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/ (string)

}

12 : { »

name : DSA-3279 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2015/dsa-3279 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2015-4335 (string)

datePublished : 2015-06-09T14:00:00 (string)

dateReserved : 2015-06-05T00:00:00 (string)

dateUpdated : 2024-08-06T06:11:12.910Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD1CE4A9-BFA8-42F7-86B7-ABE8D079CFEB", "versionEndIncluding": "2.8.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:redislabs:redis:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A586960-66FE-4812-AB9F-9C5A745BCC48", "vulnerable": true}, {"criteria": "cpe:2.3:a:redislabs:redis:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "11528338-5A26-4BEF-A7AB-13C2DD28F668", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command."}, {"lang": "es", "value": "Redis anterior a versi\u00f3n 2.8.21 y versiones 3.x y anteriores a 3.0.2, permite a los atacantes remotos ejecutar el c\u00f3digo byte Lua arbitrario por medio del comando eval."}], "id": "CVE-2015-4335", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-06-09T14:59:07.850", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1676.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3279"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/06/04/12"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/06/04/8"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/06/05/3"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/75034"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411"}, {"source": "cve@mitre.org", "url": "https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201702-16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1676.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3279"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/06/04/12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/06/04/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/06/05/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/75034"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201702-16"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-17"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:* (string)

matchCriteriaId : AD1CE4A9-BFA8-42F7-86B7-ABE8D079CFEB (string)

versionEndIncluding : 2.8.20 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:redislabs:redis:3.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 3A586960-66FE-4812-AB9F-9C5A745BCC48 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:redislabs:redis:3.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 11528338-5A26-4BEF-A7AB-13C2DD28F668 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* (string)

matchCriteriaId : DEECE5FC-CACF-4496-A3E7-164736409252 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. (string)

}

1 : { »

lang : es (string)

value : Redis anterior a versión 2.8.21 y versiones 3.x y anteriores a 3.0.2, permite a los atacantes remotos ejecutar el código byte Lua arbitrario por medio del comando eval. (string)

}

]

id : CVE-2015-4335 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 10 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2015-06-09T14:59:07.850 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/ (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-1676.html (string)

}

5 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2015/dsa-3279 (string)

}

6 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2015/06/04/12 (string)

}

7 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2015/06/04/8 (string)

}

8 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2015/06/05/3 (string)

}

9 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/75034 (string)

}

10 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411 (string)

}

11 : { »

source : cve@mitre.org (string)

url : https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ (string)

}

12 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/201702-16 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/ (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-1676.html (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2015/dsa-3279 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2015/06/04/12 (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2015/06/04/8 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2015/06/05/3 (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/75034 (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411 (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/201702-16 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-17 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2015:1676", "cpe": "cpe:/a:redhat:openstack:6::el7", "package": "redis-0:2.8.21-1.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date": "2015-08-24T00:00:00Z"}], "bugzilla": {"description": "redis: Lua sandbox escape and arbitrary code execution", "id": "1228327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228327"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.", "A flaw was discovered in redis that could allow an authenticated user, who was able to use the EVAL command to run Lua code, to break out of the Lua sandbox and execute arbitrary code on the system."], "name": "CVE-2015-4335", "package_state": [{"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Affected", "package_name": "redis", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}], "public_date": "2015-06-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-4335\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4335"], "threat_severity": "Important"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2015:1676 (string)

cpe : cpe:/a:redhat:openstack:6::el7 (string)

package : redis-0:2.8.21-1.el7ost (string)

product_name : Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 (string)

release_date : 2015-08-24T00:00:00Z (string)

}

]

bugzilla : { »

description : redis: Lua sandbox escape and arbitrary code execution (string)

id : 1228327 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1228327 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 6.8 (string)

cvss_scoring_vector : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

status : verified (string)

}

details : [ »

0 : Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. (string)

1 : A flaw was discovered in redis that could allow an authenticated user, who was able to use the EVAL command to run Lua code, to break out of the Lua sandbox and execute arbitrary code on the system. (string)

]

name : CVE-2015-4335 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:openstack:7 (string)

fix_state : Affected (string)

package_name : redis (string)

product_name : Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) (string)

}

]

public_date : 2015-06-04T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2015-4335 https://nvd.nist.gov/vuln/detail/CVE-2015-4335 (string)

]

threat_severity : Important (string)

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object