4 matches found
CVE-2026-45188 Apache Kvrocks: Replication Fullsync Path Traversal via Unvalidated Filename Handling
Relative Path Traversal vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...
CVE-2026-45188
The CVE-2026-45188 entry describes a Relative Path Traversal affecting Apache Kvrocks versions 1.0.0 through 2.15.0. The vulnerability stems from path handling during replication/fullsync via unvalidated filename handling, enabling traversal to restricted paths. Consequences are defined as potent...
CLSA-2026-1779351595 Fix CVE(s): CVE-2026-23631
SECURITY UPDATE: Use-after-free in readSyncBulkPayload during fullsync - debian/patches/0015-CVE-2026-23631.patch: guard readSyncBulkPayload in src/replication.c with an early return when server.luatimedout is set, so a fullsync cannot free the Lua scripting engine while a timed-out script is sti...
CLSA-2026-1778845249 redis: Fix of 2 CVEs
CVE-2026-23631: fix use-after-free in readSyncBulkPayload when fullsync happens while a Lua script is timed out on the replica - CVE-2026-25243: fix invalid memory access in RESTORE on crafted zipmap, listpack and stream PEL payloads...