{
  "threat_severity" : "Important",
  "public_date" : "2015-06-04T00:00:00Z",
  "bugzilla" : {
    "description" : "redis: Lua sandbox escape and arbitrary code execution",
    "id" : "1228327",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1228327"
  },
  "cvss" : {
    "cvss_base_score" : "6.8",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "status" : "verified"
  },
  "details" : [ "Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.", "A flaw was discovered in redis that could allow an authenticated user, who was able to use the EVAL command to run Lua code, to break out of the Lua sandbox and execute arbitrary code on the system." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
    "release_date" : "2015-08-24T00:00:00Z",
    "advisory" : "RHSA-2015:1676",
    "cpe" : "cpe:/a:redhat:openstack:6::el7",
    "package" : "redis-0:2.8.21-1.el7ost"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)",
    "fix_state" : "Affected",
    "package_name" : "redis",
    "cpe" : "cpe:/a:redhat:openstack:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-4335\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4335" ],
  "name" : "CVE-2015-4335",
  "csaw" : false
}