17 matches found
TencentOS Server 4: python-redis (TSSA-2024:0819)
"The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0819 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilitie...
SUSE SLED15: python-paramiko-doc / python-tqdm-bash-completion / etc (SUSE-SU-2024:1639-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1639-1 advisory. Changes in python-argcomplete - Update to 3.3.0 bsc1222880: Preserve compatibility with argparse...
FreeBSD : py39-redis -- can send response data to the client of an unrelated request (3f6d6181-79b2-4d33-bb1e-5d3f9df0c1d1)
"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3f6d6181-79b2-4d33-bb1e-5d3f9df0c1d1 advisory. - redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an...
abs-auth-rbac-core (>=0.1.15 <=0.5.4), airdot (>=0.3.0b0 <=0.6.0b0) +45 more potentially affected by CVE-2023-28858 via redis (>=4.5.0 <=4.5.2)
redis PYPI version =4.5.0, =0.1.15, =0.3.0b0, =23.2.9, =1.1.87, =0.0.25, =1.1.0, =1.0.0, =0.13.0, =1.0.0, =0.3.0, =4.7.0, =4.7.3 and more Source cves: CVE-2023-28858 Source advisory: OSV:GHSA-24WV-MV5M-XV4H...
ad-sdl-wei (>=0.5.1 <=0.5.4), addok (>=1.1.0 <=1.1.0rc2) +94 more potentially affected by CVE-2023-28858 via redis (>=4.2.0 <=4.3.5)
redis PYPI version =4.2.0, =0.5.1, =1.1.0, =22.5.13, =0.1.1, =0.5.0, =3.2.0, =1.0.0, =0.5.0, =0.1.0, =2.0.3, =0.1.2, =0.1.15 - croudtech-python-aws-app-config =1.1.13 and more Source cves: CVE-2023-28858 Source advisory: OSV:GHSA-24WV-MV5M-XV4H...
an-website (>=22.12.28 <=23.2.6), anoteai (>=0.10.0 <=0.20.0) +26 more potentially affected by CVE-2023-28858 via redis (>=4.4.0 <=4.4.2)
redis PYPI version =4.4.0, =22.12.28, =0.10.0, =0.8.2, =0.1.17, =0.0.10, =1.8.1, =0.5.0rc1, =0.0.122, =0.104.0rc1, =0.7.2, =0.31.0, =1.0.2, =1.1.1 - lemur =1.3.1 and more Source cves: CVE-2023-28858 Source advisory: OSV:GHSA-24WV-MV5M-XV4H...
CVE-2023-28858
redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4....
abs-auth-rbac-core (>=0.1.15 <=0.5.4), airdot (>=0.3.0b0 <=0.6.0b0) +45 more potentially affected by CVE-2023-28858 via redis (>=4.5.0 <=4.5.2)
redis PYPI version =4.5.0, =0.1.15, =0.3.0b0, =23.2.9, =1.1.87, =0.0.25, =1.1.0, =1.0.0, =0.13.0, =1.0.0, =0.3.0, =4.7.0, =4.7.3 and more Source cves: CVE-2023-28858 Source advisory: OSV:PYSEC-2023-45...
an-website (>=22.12.28 <=23.2.6), anoteai (>=0.10.0 <=0.20.0) +26 more potentially affected by CVE-2023-28858 via redis (>=4.4.0 <=4.4.2)
redis PYPI version =4.4.0, =22.12.28, =0.10.0, =0.8.2, =0.1.17, =0.0.10, =1.8.1, =0.5.0rc1, =0.0.122, =0.104.0rc1, =0.7.2, =0.31.0, =1.0.2, =1.1.1 - lemur =1.3.1 and more Source cves: CVE-2023-28858 Source advisory: OSV:PYSEC-2023-45...
CVE-2023-28858
redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4....
CVE-2023-28858
redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4....
CVE-2023-28858
redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4....
CVE-2023-28858
redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4....
CVE-2023-28858
CVE-2023-28858 affects the Python Redis client, redis-py, for versions before 4.5.3. The issue is a connection that may remain open after canceling an async Redis command at an inopportune time, which can lead to leakage of response data to the client of an unrelated request in an off-by-one mann...
CVE-2023-28858
redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4....
CVE-2023-28858
redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4....
py39-redis -- can send response data to the client of an unrelated request
drago-balto reports: redis-py through 4.5.3 and 4.4.3 leaves a connection open after canceling an async Redis command at an inopportune time in the case of a non-pipeline operation, and can send response data to the client of an unrelated request. NOTE: this issue exists because of an incomplete...