CVE-2020-13151

Source
https://cve.org/CVERecord?id=CVE-2020-13151
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13151.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-13151
Published
2020-08-05T13:15:10.603Z
Modified
2025-11-20T11:10:01.279501Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on all nodes of the cluster at the permission level of the user running the Aerospike service.

References

Affected packages

Git / github.com/aerospike/aerospike-server

Affected ranges

Type
GIT
Repo
https://github.com/aerospike/aerospike-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

4.*

4.0.0.1
4.1.0.1
4.2.0.2
4.3.0.2
4.3.1.3
4.3.1.4
4.4.0.4
4.5.0.1
4.5.1.5
4.5.2.1
4.5.3.10
4.5.3.11
4.5.3.12
4.5.3.13
4.5.3.14
4.5.3.15
4.5.3.16
4.5.3.17
4.5.3.18
4.5.3.19
4.5.3.2
4.5.3.3
4.5.3.4
4.5.3.5
4.5.3.6
4.5.3.7
4.5.3.8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13151.json"

vanir_signatures
