5.9

CVE-2021-31294

Exploit
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedisRedis Version < 6.2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.31% 0.669
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://github.com/redis/redis/commit/46f4ebbe842620f0976a36741a72482620aa4b48
Patch
https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f
Patch
https://github.com/redis/redis/issues/8712
Third Party Advisory
Exploit
https://security.netapp.com/advisory/ntap-20230814-0007/