Vulnerability	Vulnerable Version
M Exposure of Data Element to Wrong Session Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to a race condition when a queued connection is left open after canceling an async Redis command involving a non pipelined operation, at an inopportune time. The server can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this issue exists because of an incomplete fix for CVE-2023-28858. How to fix Exposure of Data Element to Wrong Session? Upgrade `redis` to version 4.4.4, 4.5.4 or higher.	[4.4.0rc1,4.4.4)[4.5.0,4.5.4)

Exposure of Data Element to Wrong Session

Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to a race condition when a queued connection is left open after canceling an async Redis command involving a non pipelined operation, at an inopportune time. The server can send response data to the client of an unrelated request in an off-by-one manner.

NOTE: this issue exists because of an incomplete fix for CVE-2023-28858.

How to fix Exposure of Data Element to Wrong Session?

Upgrade redis to version 4.4.4, 4.5.4 or higher.

[4.4.0rc1,4.4.4)[4.5.0,4.5.4)

Go back to all versions of this package