Soon after the publication of CVE-2022-24735, Instaclustr began investigating its potential impact on our Redis™ offering. This vulnerability allows weaknesses in the Lua script execution environment to be exploited. An attacker with access to vulnerable versions could inject Lua code to be run by a user with high privileges.
We believe this vulnerability is not exploitable under our managed service, due to the ACLs that we apply to our standard users. However, due to the severity of the vulnerability, we decided that releasing the newer version of Redis was the best course of action. Redis 6.2.7 contains the fix and is now available on the Instaclustr Managed Platform. We recommend our customers running Redis 6.2.6 upgrade to this newer version. To do so, please get in touch with us via our support website.
- We recommend upgrading to Redis 6.2.7.
If you have any further queries regarding this vulnerability and how it relates to Instaclustr services, please contact [email protected].