Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Redis
(Redislabs)| Repositories | https://github.com/antirez/redis |
| #Vulnerabilities | 22 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-10-24 | CVE-2016-10517 | networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). | Redis | 7.4 | ||
| 2016-08-10 | CVE-2013-7458 | linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file. | Debian_linux, Redis | 3.3 |