- Description: Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source: security-advisories@github.com
- NVD status: Analyzed
- Products: redis
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- security-advisories@github.com
- CWE-20
- Hype score: Not currently trending
Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory https://t.co/iSlI2BvtwS
@oss_security
19 Apr 2026
🔶 [HIGH] Redis Vulnerability Allows Remote Code Execution CVE-2024-31449 in Re… 🔴 CVE: CVE-2024-31449 🕵️ APT: N/A ⚡ Status: ACTIVE 🎯 MITRE: Execution ⚔️ Critical flaw in widely used database systems. 🔗 https://t.co/rmgemJEHFX #myso
@MysocAi
23 Feb 2026
🔶 [HIGH] CVE-2024-31449: Redis Vulnerability Enables Remote Code Execution CVE-2024-31449 allow… 🔴 CVE: CVE-2024-31449 🕵️ APT: N/A ⚡ Status: ACTIVE 🎯 MITRE: Exploitation for Privilege Escalation, Exploitation for Defense Evasion ⚔️ High severity; patch to p
@MysocAi
23 Feb 2026
🔶 [HIGH] CVE-2024-31449 in Redis High-severity vulner… 🔴 CVE: CVE-2024-31449 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Execution, Persistence ⚔️ Affects widely used data storage systems. 🔗 https://t.co/rmgemJEHFX #mysocAi #CyberSec
@MysocAi
23 Feb 2026
🔶 [HIGH] Redis Flaw Enables Remote Code Execution CVE-2024-31449 in Re… 🔴 CVE: CVE-2024-31449 🕵️ APT: Unknown ⚡ Status: INACTIVE 🎯 MITRE: Exploitation for Remote Code Execution ⚔️ Affects widely used database system. 🔗 https://t.co/EIt4q5tCY8
@MysocAi
23 Feb 2026
Lua: Watching Since the Beginning. 🌙👁️ 2024–2025 reminded us that Lua isn’t just nostalgia: Redis - CVE-2024-46981 & CVE-2024-31449 let authenticated users abuse the embedded Lua VM for RCE. 📎 https://t.co/MflCE2Mseh OpenWrt LuCI - CVE-2024-51240 turned a L
@M_haggis
9 Sept 2025
Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability https://t.co/LYHEGfKJIo
@Dinosn
18 Nov 2024
Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability https://t.co/8j6W51jXyL
@_r_netsec
18 Nov 2024
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "92118EB1-660D-4859-BA6D-FDC64E5C48F4",
            "versionEndExcluding": "6.2.16",
            "versionStartIncluding": "2.8.18",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4F8A45E4-57CF-4B05-B188-A75BBDF37822",
            "versionEndExcluding": "7.2.6",
            "versionStartIncluding": "7.2.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redis:redis:7.4.0:-:*:*:*:*:*:*",
            "matchCriteriaId": "4C484C7C-4C3B-45F6-8DF5-84CFE5FF2717",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redis:redis:7.4.0:rc1:*:*:*:*:*:*",
            "matchCriteriaId": "14EE168F-747A-43EE-84B8-14C332A7F1CB",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redis:redis:7.4.0:rc2:*:*:*:*:*:*",
            "matchCriteriaId": "C983360E-DC98-4C5A-A088-7DCE273595A1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]