CVE-2020-13151P1CRITICALCVSS 9.8PoCfixed in 4.5.3.21·≥ 4.6.0.1, < 4.6.0.19+4 more2020-08-05
CVE-2020-13151 [CRITICAL] CWE-78 CVE-2020-13151: Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defi
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on
nvd