redis@3.5.3 vulnerabilities

Python client for Redis database and key-value store

Direct Vulnerabilities

Known vulnerabilities in the redis package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
Severity: L
Exposure of Data Element to Wrong Session

Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to a race condition: when an async Redis command that is part of a pipelined operation is cancelled at an inopportune time, the queued connection is left open, and the server can send response data to the client of an unrelated request in an off-by-one manner.

NOTE: The same vulnerability exists for non-pipelined operations, which was discovered after this one and is addressed by CVE-2023-28859.

How to fix Exposure of Data Element to Wrong Session?

Upgrade redis to version 4.3.6, 4.4.3, 4.5.3 or higher.

Vulnerable versions: [,4.3.6) [4.4.0rc1,4.4.3) [4.5.0,4.5.3)