Redis Lua Exploit





Versions Affected
  • Redis 3.0.1 or older
  • Redis 2.8.20 or older
  • Redis 2.6.x

It was discovered that it is possible to break out of the Lua sandbox in Redis and execute arbitrary code. To take advantage of the vulnerability, the user must have access to the Redis process in order to connect and execute the exploit.

Although all Redis instances are password protected, so that only authenticated users have access, new releases containing the patched version of Redis will be made available.
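The version ranges under Versions Affected can be checked against the `redis_version` field that a server returns for `INFO server`. The following is an added example, not part of the original advisory; the function names, host names and sample replies are constructed for illustration, and branches the advisory does not list are reported as such rather than guessed.

```python
import re

# Affected ranges exactly as listed in the advisory, keyed by release branch.
# The value is the last affected patch release; None means the whole branch.
AFFECTED = {
    (3, 0): 1,     # "Redis 3.0.1 or older"
    (2, 8): 20,    # "Redis 2.8.20 or older"
    (2, 6): None,  # "Redis 2.6.x"
}

VERSION_RE = re.compile(r"^redis_version:(\d+)\.(\d+)\.(\d+)\s*$", re.MULTILINE)


def parse_redis_version(info_text):
    """Extract (major, minor, patch) from the reply to INFO server."""
    match = VERSION_RE.search(info_text)
    if match is None:
        raise ValueError("no redis_version field in INFO output")
    return tuple(int(part) for part in match.groups())


def classify(version):
    """Return 'affected', 'not-affected' or 'not-listed' for a version tuple."""
    major, minor, patch = version
    if (major, minor) not in AFFECTED:
        # The advisory does not mention this branch, so report that, not a guess.
        return "not-listed"
    last_affected = AFFECTED[(major, minor)]
    if last_affected is None or patch <= last_affected:
        return "affected"
    return "not-affected"


def audit(info_by_host):
    """Classify every host from its INFO reply."""
    return {host: classify(parse_redis_version(text))
            for host, text in info_by_host.items()}

# Constructed sample INFO replies (hypothetical hosts, not real captures).
SAMPLES = {
    "cache-a": "# Server\r\nredis_version:2.8.20\r\nredis_mode:standalone\r\n",
    "cache-b": "# Server\r\nredis_version:2.8.21\r\nredis_mode:standalone\r\n",
    "cache-c": "# Server\r\nredis_version:3.0.1\r\nredis_mode:standalone\r\n",
    "cache-d": "# Server\r\nredis_version:2.6.17\r\nredis_mode:standalone\r\n",
}

if __name__ == "__main__":
    for host, verdict in sorted(audit(SAMPLES).items()):
        print(f"{host}: {verdict}")
```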

Affected Pivotal Products and Versions

Severity is high unless otherwise noted.

  • Redis for Pivotal Cloud Foundry 1.4.4 or earlier

Users of affected versions should apply the following mitigation:

  • A new release of Redis for Pivotal Cloud Foundry will be made available that includes Redis 2.8.21, which resolves this vulnerability.

Ben Murphy
