New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(CVE-2024-46981) Lua script commands may lead to remote code execution #888

Open

dceravigupta opened this issue Jan 8, 2025 · 1 comment

dceravigupta commented Jan 8, 2025

Since all versions of Redis with Lua enable are impacted, can we release a new version of keydb with the fix?

Fix on Redis side:
redis/redis#13728

keithchew commented Jan 9, 2025

For those maintaining their local copy of keydb, I can confirm that the single line fix from the link above compiles without errors:

    lua_gc(g_pserver->lua, LUA_GCCOLLECT, 0);

Note: it is g_pserver->lua instead of server.lua.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment