redis

PyPI2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting redispage 1 of 1

CVE-2023-28858LOWCVSS 3.7EG 3.7✓ Fixed in 4.5.3
2023-03-26
vulnerable: 4.2.0 ... 4.5.2 (15 versions)
redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially cre…
CVE-2023-28859MEDIUMCVSS 6.5EG 6.5✓ Fixed in 4.5.4
2023-03-26
vulnerable: 4.2.0 ... 4.5.3 (22 versions)
redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a n…

Check whether redis is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for redis CVEs against the assets you own.

Start Free Scan →