Reginaldo Silva discovered that due to a packaging issue, a remote attacker with the ability to execute arbitrary Lua scripts could possibly escape the Lua sandbox and execute arbitrary code on the host.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "redis", "binary_version": "5:5.0.7-2ubuntu0.1" }, { "binary_name": "redis-sentinel", "binary_version": "5:5.0.7-2ubuntu0.1" }, { "binary_name": "redis-server", "binary_version": "5:5.0.7-2ubuntu0.1" }, { "binary_name": "redis-tools", "binary_version": "5:5.0.7-2ubuntu0.1" }, { "binary_name": "redis-tools-dbgsym", "binary_version": "5:5.0.7-2ubuntu0.1" } ] }