Beanstalkd < 1.4.6 Remote Beanstalkd Command Injection
High Nessus Plugin ID 46884
SynopsisThe remote host has an application that may allow modification of data via a restricted set of commands.
DescriptionThe installed version of Beanstalkd allows injection of Beanstalk commands.
A malicious producer process or client could exploit this issue to inject arbitrary beanstalkd commands via the 'PUT' command to view status of existing jobs or delete jobs from the Beanstalkd queue without co-operation from the consumer process or the client.
SolutionUpgrade to version 1.4.6 or later.