Lucene search

Veracode Vulnerability DatabaseVERACODE:40337

HistoryApr 28, 2023 - 12:57 p.m.

Command Injection

2023-04-2812:57:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

redis

command injection

authentication

runtime assertion

termination

server process

0.0004 Low

EPSS

Percentile

5.1%

JSON

redis is vulnerable to Command Injection. The vulnerability allows authenticated users to use the ‘MSETNX’ command to trigger a runtime assertion and termination withing the redis server process.

CPENameOperatorVersion
redis:sideq5:6.0.15-1
redis:sideq5:6.0.9-1
redis:sideq5:6.0.15-1
redis:sideq5:6.0.9-1

Name	Operator	Version
redis:sid	eq	5:6.0.15-1
redis:sid	eq	5:6.0.9-1
redis:sid	eq	5:6.0.15-1
redis:sid	eq	5:6.0.9-1

References

github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9

github.com/redis/redis/releases/tag/7.0.10

github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c

security-tracker.debian.org/tracker/CVE-2023-28425

security.netapp.com/advisory/ntap-20230413-0005/

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for VERACODE:40337