What is CVE-2020-13151?

CVE-2020-13151 is a vulnerability in N/a. Published 2020-08-05.

Is CVE-2020-13151 known to be exploited?

19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-13151

Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls…

EPSS: 0.899 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

www.aerospike.com/docs/operations/configure/security/access-control/index.html (x_refsource_MISC)
b4ny4n.github.io/network-pentest/2020/08/01/cve-2020-13151-poc-aerospike.html (x_refsource_MISC)
www.aerospike.com/download/server/notes.html (x_refsource_MISC)
www.aerospike.com/enterprise/download/server/notes.html (x_refsource_MISC)
packetstormsecurity.com/files/160106/Aerospike-Database-5.1.0.3-Remote-Command-… (x_refsource_MISC)
packetstormsecurity.com/files/160451/Aerospike-Database-UDF-Lua-Code-Execution… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-13151?: CVE-2020-13151 is a vulnerability in N/a. Published 2020-08-05.
Is CVE-2020-13151 known to be exploited?: 19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.