Data Leakage Vulnerability in Redis-py by Redis
CVE-2023-28859
6.5 MEDIUM
What is CVE-2023-28859?
The redis-py library versions prior to 4.4.4, and 4.5.x versions prior to 4.5.4, contain a vulnerability that is triggered when an asynchronous Redis command is cancelled improperly. In that scenario the library can leave the connection open, so the response to one command is delivered to a client associated with a completely different request. This unintended data crossover can pose serious risks, especially in environments where sensitive information is handled, which is why upgrading to the patched versions is important to mitigate potential data leakage across AsyncIO connections.
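An added simulation of the failure mode described above; this is not redis-py's own code, and it runs on a constructed in-memory fake connection rather than a real socket. Cancelling a caller after its command has been sent but before its reply is read leaves that reply buffered on the connection, and the next unrelated caller on the reused connection receives it. The `disconnect_on_cancel` flag is an assumption about the shape of the fix, not the library's exact code: it shows the mitigation of dropping the dirty connection instead of reusing it.

```python
import asyncio
from collections import deque


class FakeConnection:
    """Constructed stand-in for one socket to a Redis server.
    Replies arrive in command order; a reply the client never read stays
    buffered on the connection, like unread bytes on a real socket."""

    def __init__(self) -> None:
        self.unread: deque[str] = deque()

    async def send_command(self, cmd: str) -> None:
        self.unread.append(f"reply-to:{cmd}")  # server answers in order

    async def read_response(self) -> str:
        await asyncio.sleep(0.01)  # network round trip; cancellation lands here
        return self.unread.popleft()

    async def disconnect(self) -> None:
        self.unread.clear()  # dropping the socket drops any stale reply with it


async def execute(conn: FakeConnection, cmd: str, disconnect_on_cancel: bool) -> str:
    """Issue one command on a shared connection and wait for its reply."""
    await conn.send_command(cmd)
    try:
        return await conn.read_response()
    except asyncio.CancelledError:
        if disconnect_on_cancel:
            await conn.disconnect()  # hardened: never reuse a dirty connection
        raise


async def _scenario(disconnect_on_cancel: bool) -> str:
    conn = FakeConnection()  # one pooled connection shared by both clients
    # Client A requests a secret and is cancelled (e.g. by a timeout) after
    # the command was sent but before its reply was read.
    task_a = asyncio.create_task(execute(conn, "GET secret", disconnect_on_cancel))
    await asyncio.sleep(0)  # let A send its command and block in read_response
    task_a.cancel()
    try:
        await task_a
    except asyncio.CancelledError:
        pass
    # Client B, unrelated to A, reuses the same connection for its own command.
    return await execute(conn, "GET public", disconnect_on_cancel)


def vulnerable_result() -> str:
    """Pre-fix behaviour: client B receives the reply meant for client A."""
    return asyncio.run(_scenario(disconnect_on_cancel=False))


def hardened_result() -> str:
    """Fixed behaviour: the dirty connection is dropped and B gets its own reply."""
    return asyncio.run(_scenario(disconnect_on_cancel=True))
```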