{"api_version":"1","generated_at":"2026-04-22T21:38:38+00:00","cve":"CVE-2022-24735","urls":{"html":"https://cve.report/CVE-2022-24735","api":"https://cve.report/api/cve/CVE-2022-24735.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-24735","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-24735"},"summary":{"title":"CVE-2022-24735","description":"Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2022-04-27 20:15:00","updated_at":"2023-11-07 03:44:00"},"problem_types":["CWE-94"],"metrics":[],"references":[{"url":"https://security.gentoo.org/glsa/202209-17","name":"GLSA-202209-17","refsource":"GENTOO","tags":[],"title":"Redis: Multiple Vulnerabilities (GLSA 202209-17) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/redis/redis/pull/10651","name":"https://github.com/redis/redis/pull/10651","refsource":"MISC","tags":[],"title":"Lua readonly tables (CVE-2022-24736, CVE-2022-24735) by oranagra · Pull Request #10651 · redis/redis · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4ZK3675DGHVVDOFLJN7WX6YYH27GPMK/","name":"FEDORA-2022-44373f6778","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: redis-6.2.7-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSTPUCAPBRHIFPSCOURR4OYX4E2OISAF/","name":"FEDORA-2022-a0a4c7eb31","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: redis-6.2.7-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq","name":"https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq","refsource":"CONFIRM","tags":[],"title":"Lua scripts can be manipulated to overcome ACL rules · Advisory · redis/redis · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/redis/redis/releases/tag/6.2.7","name":"https://github.com/redis/redis/releases/tag/6.2.7","refsource":"MISC","tags":[],"title":"Release 6.2.7 · redis/redis · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPYKSG7LKUJGVM2P72EHXKVRVRWHLORX/","name":"FEDORA-2022-6ed1ce2838","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: redis-6.2.7-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20220715-0003/","name":"https://security.netapp.com/advisory/ntap-20220715-0003/","refsource":"CONFIRM","tags":[],"title":"June 2022 Redis Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPYKSG7LKUJGVM2P72EHXKVRVRWHLORX/","name":"FEDORA-2022-6ed1ce2838","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: redis-6.2.7-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/redis/redis/releases/tag/7.0.0","name":"https://github.com/redis/redis/releases/tag/7.0.0","refsource":"MISC","tags":[],"title":"Release 7.0.0 · redis/redis · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4ZK3675DGHVVDOFLJN7WX6YYH27GPMK/","name":"FEDORA-2022-44373f6778","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: redis-6.2.7-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSTPUCAPBRHIFPSCOURR4OYX4E2OISAF/","name":"FEDORA-2022-a0a4c7eb31","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: redis-6.2.7-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","name":"N/A","refsource":"N/A","tags":[],"title":"Oracle Critical Patch Update Advisory - July 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-24735","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24735","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"24735","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24735","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24735","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24735","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"management_services_for_element_software","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24735","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"management_services_for_netapp_hci","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24735","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_operations_monitor","cpe6":"4.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24735","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_operations_monitor","cpe6":"4.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24735","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_operations_monitor","cpe6":"5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24735","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redis","cpe5":"redis","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24735","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redis","cpe5":"redis","cpe6":"7.0","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24735","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redis","cpe5":"redis","cpe6":"7.0","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"24735","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redis","cpe5":"redis","cpe6":"7.0","cpe7":"rc3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-24735","qid":"160251","title":"Oracle Enterprise Linux Security Update for redis:6 (ELSA-2022-7541)"},{"cve":"CVE-2022-24735","qid":"160274","title":"Oracle Enterprise Linux Security Update for redis (ELSA-2022-8096)"},{"cve":"CVE-2022-24735","qid":"184172","title":"Debian Security Update for redis (CVE-2022-24735)"},{"cve":"CVE-2022-24735","qid":"240842","title":"Red Hat Update for redis:6 security (RHSA-2022:7541)"},{"cve":"CVE-2022-24735","qid":"240892","title":"Red Hat Update for redis (RHSA-2022:8096)"},{"cve":"CVE-2022-24735","qid":"282657","title":"Fedora Security Update for redis (FEDORA-2022-a0a4c7eb31)"},{"cve":"CVE-2022-24735","qid":"282658","title":"Fedora Security Update for redis (FEDORA-2022-44373f6778)"},{"cve":"CVE-2022-24735","qid":"282724","title":"Fedora Security Update for redis (FEDORA-2022-6ed1ce2838)"},{"cve":"CVE-2022-24735","qid":"354282","title":"Amazon Linux Security Advisory for redis6 : ALAS2022-2022-115"},{"cve":"CVE-2022-24735","qid":"354379","title":"Amazon Linux Security Advisory for redis6 : ALAS2022-2022-199"},{"cve":"CVE-2022-24735","qid":"355285","title":"Amazon Linux Security Advisory for redis6 : ALAS2023-2023-064"},{"cve":"CVE-2022-24735","qid":"356197","title":"Amazon Linux Security Advisory for redis : ALASREDIS6-2023-003"},{"cve":"CVE-2022-24735","qid":"501778","title":"Alpine Linux Security Update for redis"},{"cve":"CVE-2022-24735","qid":"504357","title":"Alpine Linux Security Update for redis"},{"cve":"CVE-2022-24735","qid":"690857","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for redis (cc42db1c-c65f-11ec-ad96-0800270512f4)"},{"cve":"CVE-2022-24735","qid":"710625","title":"Gentoo Linux Redis Multiple Vulnerabilities (GLSA 202209-17)"},{"cve":"CVE-2022-24735","qid":"753389","title":"SUSE Enterprise Linux Security Update for redis (SUSE-SU-2022:1929-1)"},{"cve":"CVE-2022-24735","qid":"753479","title":"SUSE Enterprise Linux Security Update for redis (SUSE-SU-2022:1842-1)"},{"cve":"CVE-2022-24735","qid":"901295","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for redis (9627)"},{"cve":"CVE-2022-24735","qid":"901608","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for redis (9598)"},{"cve":"CVE-2022-24735","qid":"902320","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for redis (9598-1)"},{"cve":"CVE-2022-24735","qid":"902478","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for redis (9627-1)"},{"cve":"CVE-2022-24735","qid":"940762","title":"AlmaLinux Security Update for redis:6 (ALSA-2022:7541)"},{"cve":"CVE-2022-24735","qid":"940817","title":"AlmaLinux Security Update for redis (ALSA-2022:8096)"},{"cve":"CVE-2022-24735","qid":"960465","title":"Rocky Linux Security Update for redis:6 (RLSA-2022:7541)"},{"cve":"CVE-2022-24735","qid":"960477","title":"Rocky Linux Security Update for redis (RLSA-2022:8096)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security-advisories@github.com","ID":"CVE-2022-24735","STATE":"PUBLIC","TITLE":"Lua scripts can be manipulated to overcome ACL rules in Redis"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"redis","version":{"version_data":[{"version_value":"< 7.0.0"},{"version_value":">= 6.0.0, < 6.2.7"}]}}]},"vendor_name":"redis"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":3.9,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}]},"references":{"reference_data":[{"name":"https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq","refsource":"CONFIRM","url":"https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq"},{"name":"https://github.com/redis/redis/pull/10651","refsource":"MISC","url":"https://github.com/redis/redis/pull/10651"},{"name":"https://github.com/redis/redis/releases/tag/6.2.7","refsource":"MISC","url":"https://github.com/redis/redis/releases/tag/6.2.7"},{"name":"https://github.com/redis/redis/releases/tag/7.0.0","refsource":"MISC","url":"https://github.com/redis/redis/releases/tag/7.0.0"},{"refsource":"FEDORA","name":"FEDORA-2022-6ed1ce2838","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPYKSG7LKUJGVM2P72EHXKVRVRWHLORX/"},{"refsource":"FEDORA","name":"FEDORA-2022-a0a4c7eb31","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSTPUCAPBRHIFPSCOURR4OYX4E2OISAF/"},{"refsource":"FEDORA","name":"FEDORA-2022-44373f6778","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4ZK3675DGHVVDOFLJN7WX6YYH27GPMK/"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20220715-0003/","url":"https://security.netapp.com/advisory/ntap-20220715-0003/"},{"refsource":"GENTOO","name":"GLSA-202209-17","url":"https://security.gentoo.org/glsa/202209-17"}]},"source":{"advisory":"GHSA-647m-2wmq-qmvq","discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2022-04-27 20:15:00","lastModifiedDate":"2023-11-07 03:44:00","problem_types":["CWE-94"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redis:redis:7.0:rc2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redis:redis:7.0:rc3:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redis:redis:7.0:rc1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*","versionEndExcluding":"6.2.7","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"24735","Ordinal":"228243","Title":"CVE-2022-24735","CVE":"CVE-2022-24735","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"24735","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}