nvd-json-data-feeds/CVE-2024/CVE-2024-312xx/CVE-2024-31227.json

{
  "id": "CVE-2024-31227",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2024-10-07T20:15:05.050",
  "lastModified": "2024-10-10T12:57:21.987",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
    },
    {
      "lang": "es",
      "value": "Redis es una base de datos de c\u00f3digo abierto en memoria que persiste en el disco. Un usuario autenticado con privilegios suficientes puede crear un selector de ACL mal formado que, cuando se accede a \u00e9l, desencadena un p\u00e1nico del servidor y la consiguiente denegaci\u00f3n de servicio. El problema existe en Redis 7 anterior a las versiones 7.2.6 y 7.4.1. Se recomienda a los usuarios que actualicen la versi\u00f3n. No existen workarounds conocidas para esta vulnerabilidad."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh",
      "source": "security-advisories@github.com"
    }
  ]
}
Auto-Update: 2024-10-07T22:00:17.427268+00:00 2024-10-07 22:03:19 +00:00			`{`
			`"id": "CVE-2024-31227",`
			`"sourceIdentifier": "security-advisories@github.com",`
			`"published": "2024-10-07T20:15:05.050",`
Auto-Update: 2024-10-10T14:00:21.253206+00:00 2024-10-10 14:03:23 +00:00			`"lastModified": "2024-10-10T12:57:21.987",`
			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2024-10-07T22:00:17.427268+00:00 2024-10-07 22:03:19 +00:00			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."`
Auto-Update: 2024-10-10T14:00:21.253206+00:00 2024-10-10 14:03:23 +00:00			`},`
			`{`
			`"lang": "es",`
			"value": "Redis es una base de datos de c\u00f3digo abierto en memoria que persiste en el disco. Un usuario autenticado con privilegios suficientes puede crear un selector de ACL mal formado que, cuando se accede a \u00e9l, desencadena un p\u00e1nico del servidor y la consiguiente denegaci\u00f3n de servicio. El problema existe en Redis 7 anterior a las versiones 7.2.6 y 7.4.1. Se recomienda a los usuarios que actualicen la versi\u00f3n. No existen workarounds conocidas para esta vulnerabilidad."
Auto-Update: 2024-10-07T22:00:17.427268+00:00 2024-10-07 22:03:19 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "security-advisories@github.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"baseScore": 4.4,`
			`"baseSeverity": "MEDIUM",`
Auto-Update: 2024-10-07T22:00:17.427268+00:00 2024-10-07 22:03:19 +00:00			`"attackVector": "LOCAL",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "HIGH",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"availabilityImpact": "HIGH"`
Auto-Update: 2024-10-07T22:00:17.427268+00:00 2024-10-07 22:03:19 +00:00			`},`
			`"exploitabilityScore": 0.8,`
			`"impactScore": 3.6`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "security-advisories@github.com",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-20"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a",`
			`"source": "security-advisories@github.com"`
			`},`
			`{`
			`"url": "https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh",`
			`"source": "security-advisories@github.com"`
			`}`
			`]`
			`}`