In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.
Metrics
Affected Vendors & Products
References
History
Wed, 11 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-94 | |
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-06-19T00:00:00
Updated: 2024-12-11T17:04:00.808Z
Reserved: 2023-06-19T00:00:00
Link: CVE-2023-35853
Vulnrichment
Updated: 2024-08-02T16:30:45.383Z
NVD
Status : Modified
Published: 2023-06-19T04:15:11.287
Modified: 2024-12-11T17:15:13.037
Link: CVE-2023-35853
Redhat
No data.