14 matches found
EUVD-2023-0223
Malicious code in bioql PyPI...
EUVD-2023-0222
Malicious code in bioql PyPI...
TencentOS Server 4: python-redis (TSSA-2024:0819)
"The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0819 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilitie...
SUSE SLED15: python-paramiko-doc / python-tqdm-bash-completion / etc (SUSE-SU-2024:1639-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1639-1 advisory. Changes in python-argcomplete - Update to 3.3.0 bsc1222880: Preserve compatibility with argparse...
FreeBSD : py39-redis -- can send response data to the client of an unrelated request (8aa6340d-e7c6-41e0-b2a3-3c9e9930312a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8aa6340d-e7c6-41e0-b2a3-3c9e9930312a advisory. - redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis...
GHSA-24WV-MV5M-XV4H redis-py Race Condition vulnerability
redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time in the case of a pipeline operation, and can send response data to the client of an unrelated request in an off-by-one manner. The fixed versions fo...
ad-sdl-wei (>=0.5.1 <=0.5.4), addok (>=1.1.0 <=1.1.0rc2) +143 more potentially affected by CVE-2023-28859 via redis (>=4.2.0 <=4.4.3)
redis PYPI version =4.2.0, =0.5.1, =1.1.0, =1.2.0a20250730, =2.2.1, =22.5.13, =0.1.1, =0.10.0, =0.2.0, =0.5.0, =22.6.0b4, =22.6.0b4, =22.6.0b4, =22.9.5, =23.3.2 and more Source cves: CVE-2023-28859 Source advisory: OSV:GHSA-8FWW-64CX-X8P5...
redis-py Race Condition vulnerability
redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time in the case of a pipeline operation, and can send response data to the client of an unrelated request in an off-by-one manner. The fixed versions fo...
CVE-2023-28859
redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. This could, for example, happen for a non-pipeline operation. NOTE: the solutions for CVE-2023-288...
CVE-2023-28859
redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. This could, for example, happen for a non-pipeline operation. NOTE: the solutions for CVE-2023-288...
CVE-2023-28859
redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. This could, for example, happen for a non-pipeline operation. NOTE: the solutions for CVE-2023-288...
CVE-2023-28859
CVE-2023-28859 affects redis-py: vulnerable in versions before 4.4.4 and 4.5.x before 4.5.4. The issue leaves a connection open after canceling an async Redis command at an inopportune time, potentially sending response data to the client of an unrelated request (e.g., non-pipeline operations). T...
CVE-2023-28859
redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. This could, for example, happen for a non-pipeline operation. NOTE: the solutions for CVE-2023-288...
py39-redis -- can send response data to the client of an unrelated request
drago-balto reports: redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time in the case of a pipeline operation, and can send response data to the client of an unrelated request in an off-by-one manner...