Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/redis@4.0.0rc2

Type pypi

Namespace

Name redis

Version 4.0.0rc2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.2.0

Latest_non_vulnerable_version 6.2.0

Affected_by_vulnerabilities

url VCID-tuk1-7q8x-bqfm

vulnerability_id VCID-tuk1-7q8x-bqfm

summary Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.

references

fixed_packages

url	pkg:pypi/redis@6.2.0
purl	pkg:pypi/redis@6.2.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/redis@6.2.0

aliases PYSEC-2023-312

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tuk1-7q8x-bqfm

Fixing_vulnerabilities

Risk_score 2.6

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/redis@4.0.0rc2

Package Instance