CVE-2020-13151
CRITICAL
Aerospike Database UDF Lua Code Execution
Title source: metasploit
Description
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on all nodes of the cluster at the permission level of the user running the Aerospike service.
Exploits (4)
nomisec
WORKING POC
by ByteMe1001 · poc
https://github.com/ByteMe1001/CVE-2020-13151-POC-Aerospike-Server-Host-Command-Execution-RCE-
metasploit
WORKING POC
GREAT
by b4ny4n, bcoles · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/aerospike_database_udf_cmd_exec.rb
References (6)
Scores
CVSS v3
9.8
EPSS
0.8995
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
aerospike/aerospike_server
< 4.5.3.21
Published
Aug 05, 2020
Tracked Since
Feb 18, 2026