|
|
描述 据发现,由于打包问题,持久键值数据库 redis 容易出现(特定于 Debian)的 Lua 沙箱逃逸,这可能导致远程代码执行。 参考 https://nvd.nist.gov/vuln/detail/CVE-2022-0543 https://bugs.debian.org/1005787 https://lists.debian.org/debian-security-announce/2022/msg00048.html https://www.debian.org/security/2022/dsa-5081 https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce https://github.com/fengjixuchui/vulnerability-paper/pull/52 |