Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Potential exponential regex in monitor mode
Vulnerability Description
Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
node-redis 安全漏洞
Vulnerability Description
node-redis是一个应用软件。一个高性能Node.js Redis客户端。 node-redis 存在安全漏洞,该漏洞源于客户端处于监视模式时,用于检测监视消息的regex开始可能导致某些字符串的指数回溯。会导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A