Vulnerability	Vulnerable Version
L Exposure of Data Element to Wrong Session Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to a race condition when a queued connection is left open after canceling an async Redis command involving a pipelined operation at an inopportune time. The server can send response data to the client of an unrelated request in an off-by-one manner. NOTE: The same vulnerability exists for non-pipelined operations, which was discovered after this one and is addressed by CVE-2023-28859. How to fix Exposure of Data Element to Wrong Session? Upgrade `redis` to version 4.3.6, 4.4.3, 4.5.3 or higher.	[,4.3.6)[4.4.0rc1,4.4.3)[4.5.0,4.5.3)

Exposure of Data Element to Wrong Session

Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to a race condition when a queued connection is left open after canceling an async Redis command involving a pipelined operation at an inopportune time. The server can send response data to the client of an unrelated request in an off-by-one manner.

NOTE: The same vulnerability exists for non-pipelined operations, which was discovered after this one and is addressed by CVE-2023-28859.

How to fix Exposure of Data Element to Wrong Session?

Upgrade redis to version 4.3.6, 4.4.3, 4.5.3 or higher.

[,4.3.6)[4.4.0rc1,4.4.3)[4.5.0,4.5.3)

Go back to all versions of this package