ioredis@2.0.0-alpha3 vulnerabilities
A robust, performance-focused and full-featured Redis client for Node.js.
-
latest version
5.4.1
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
7 months ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the ioredis package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
ioredis is a Redis client for Node.js. Affected versions of this package are vulnerable to Prototype Pollution. The reply transformer which is applied does not check for special field names. This only impacts applications that are directly allowing user-provided field names. PoC
How to fix Prototype Pollution? Upgrade |
<4.27.8
|