Select Page

A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network.

The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was disclosed earlier this year to deploy Redigo, according to cloud security firm Aqua.

Tracked as CVE-2022-0543 (CVSS score: 10.0), the weakness pertains to a case of sandbox escape in the Lua scripting engine that could be leveraged to attain remote code execution.

Redis Vulnerability

images from Hacker News