Redis Vulnerability Leads to Assertion Failure via Non-Administrative Commands
CVE-2021-31294
5.9 MEDIUM
What is CVE-2021-31294?
A vulnerability in Redis allows a replica to trigger an assertion failure in the primary server by issuing a non-administrative command, specifically the SET command. This flaw affects Redis versions prior to 6.2.x. The issue arose from a lack of intended safety guarantees in earlier versions, making systems running outdated software particularly susceptible. A fix was introduced in Redis versions 6.2.x and 7.x to address the issue.
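The following inventory check is an added example, not code from the Redis project or from this advisory. It classifies an instance from the text of its `INFO` output using the `redis_version`, `role` and `connected_slaves` fields. It assumes the whole 6.2 series counts as fixed, because the page does not name a specific patch release, and the sample `INFO` text is constructed.

```python
# Added example: triage Redis instances against the page's statement that
# versions prior to 6.2.x are affected. Sample INFO text is constructed.

FIXED_SERIES = (6, 2)  # from the page: fix introduced in 6.2.x and 7.x


def parse_info(text):
    """Parse INFO output (key:value lines, '#' section headers) into a dict."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields[key] = value
    return fields


def assess(info_text):
    """Return (status, reason) for one instance's INFO output."""
    info = parse_info(info_text)
    version = info.get("redis_version")
    if version is None:
        return "unknown", "no redis_version field"
    try:
        major, minor = (int(p) for p in version.split(".")[:2])
    except ValueError:
        return "unknown", f"unparseable version {version!r}"
    if (major, minor) >= FIXED_SERIES:
        return "ok", f"{version} is in a fixed series"
    # The assertion failure is induced on a primary by one of its replicas,
    # so an old primary with replicas attached is the case to patch first.
    raw = info.get("connected_slaves", "0")
    replicas = int(raw) if raw.isdigit() else 0
    if info.get("role") == "master" and replicas > 0:
        return "exposed", f"{version} primary with {replicas} replica(s)"
    return "outdated", f"{version} predates 6.2.x; no replicas attached"


# Constructed samples, not captured from real servers.
SAMPLE_OLD_PRIMARY = (
    "# Server\r\nredis_version:5.0.14\r\n"
    "# Replication\r\nrole:master\r\nconnected_slaves:2\r\n"
)
SAMPLE_FIXED = "redis_version:6.2.6\r\nrole:master\r\nconnected_slaves:1\r\n"

if __name__ == "__main__":
    for name, sample in [("old", SAMPLE_OLD_PRIMARY), ("new", SAMPLE_FIXED)]:
        print(name, *assess(sample))
```

An "outdated" result still means the instance should be upgraded; it only indicates that no replica is currently attached to it.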