redis

Redis Python client

Version: 4.5.0
Safety score
85
Check your open source dependency risks. Get immediate insight about security, stability and licensing risks.
Security Risks of Known Vulnerabilities
CVE-2023-28858
CWE-193
Threat level: LOW | CVSS score: 3.7

redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4.3, and 4.5.3 were released (changing the behavior for pipeline operations); however, please see CVE-2023-28859 about addressing data leakage across AsyncIO connections in general.



CVE-2023-28859
CWE-459
Threat level: MEDIUM | CVSS score: 6.5

redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutions for CVE-2023-28859 address data leakage across AsyncIO connections in general.



Please note that this component is affected by other vulnerabilities

Latest safe patch: 4.5.5 - Latest safe minor: 4.6.0 - Latest safe major: 5.3.0b4

Scan your application codebase with Meterian to see all known vulnerabilities in your open source software dependencies.


Stability

Stay updated with the latest patches and releases. Plan your software design. Avoid common known vulnerabilities fixed by the open source community.

Latest patch release:   4.5.5

Latest minor release:   4.6.0

Latest major release:   5.3.0b4

Licensing

Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.

MIT   -   MIT License

Not a wildcard

Not proprietary

OSI Compliant