Improper Input Validation Affecting redis package, versions <7.2.4-r1


Severity

Recommended
low

Based on default assessment until relevant scores are available.

Threat Intelligence

EPSS
0.04% (12th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ALPINE319-REDIS-8138606
  • published2 Oct 2024
  • disclosed7 Oct 2024

Introduced: 2 Oct 2024

CVE-2024-31227  (opens in a new tab)
CWE-20  (opens in a new tab)

How to fix?

Upgrade Alpine:3.19 redis to version 7.2.4-r1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream redis package and not the redis package as distributed by Alpine. See How to fix? for Alpine:3.19 relevant fixed versions and status.

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS Scores

version 3.1