Vulnerability Details CVE-2024-31227
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.9%
CVSS Severity
CVSS v3 Score 4.4
References
Products affected by CVE-2024-31227
-
cpe:2.3:a:redis:redis:7.0.0
-
cpe:2.3:a:redis:redis:7.0.1
-
cpe:2.3:a:redis:redis:7.0.10
-
cpe:2.3:a:redis:redis:7.0.11
-
cpe:2.3:a:redis:redis:7.0.12
-
cpe:2.3:a:redis:redis:7.0.13
-
cpe:2.3:a:redis:redis:7.0.14
-
cpe:2.3:a:redis:redis:7.0.15
-
cpe:2.3:a:redis:redis:7.0.2
-
cpe:2.3:a:redis:redis:7.0.3
-
cpe:2.3:a:redis:redis:7.0.4
-
cpe:2.3:a:redis:redis:7.0.5
-
cpe:2.3:a:redis:redis:7.0.6
-
cpe:2.3:a:redis:redis:7.0.7
-
cpe:2.3:a:redis:redis:7.0.8
-
cpe:2.3:a:redis:redis:7.0.9
-
cpe:2.3:a:redis:redis:7.2.0
-
cpe:2.3:a:redis:redis:7.2.1
-
cpe:2.3:a:redis:redis:7.2.2
-
cpe:2.3:a:redis:redis:7.2.3
-
cpe:2.3:a:redis:redis:7.2.4
-
cpe:2.3:a:redis:redis:7.2.5
-
cpe:2.3:a:redis:redis:7.4.0