Lucene search
AnonymousNODEJS:1662HistoryMay 04, 2021 - 3:47 a.m.
Regular Expression Denial of Service
2021-05-0403:47:22
Anonymous
www.npmjs.com
24
0.002 Low
EPSS
Percentile
55.4%
Overview
In redis before version 3.1.1, when a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service.
Patches
The problem was fixed in commit 2d11b6d and was released in version 3.1.1.
Recommendation
Upgrade to version 3.1.1 or later
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| redis | ge | 2.6.0 <3.1.1 |
Related
prion
prion
Code injection
2021-04-23 18:15:00
ubuntucve
ubuntucve
CVE-2021-29469
2021-04-23 00:00:00
osv
osv
CVE-2021-29469
2021-04-23 18:15:08
Node-Redis potential exponential regex in monitor mode
2021-04-27 15:56:03
github
github
Node-Redis potential exponential regex in monitor mode
2021-04-27 15:56:03
cvelist
cvelist
CVE-2021-29469 Potential exponential regex in monitor mode
2021-04-23 18:10:15
nvd
nvd
CVE-2021-29469
2021-04-23 18:15:08
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-04-26 09:56:09
cve
cve
CVE-2021-29469
2021-04-23 18:15:08
debiancve
debiancve
CVE-2021-29469
2021-04-23 18:15:08
