|
|
|
|
|
|
by NicolaiS
248 days ago
|
|
|
Note that this requires an authenticated user, so most redis installations are not directly at risk. The github issue has these workarounds:
> An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. I guess most people doesn't use the lua engine, so this is probably a good advice to disable even if upgrading to a non-vuln version of Redis. |
|
|