In redis
before version 3.1.1, when a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service.
The problem was fixed in commit 2d11b6d
and was released in version 3.1.1
.
Upgrade to version 3.1.1 or later
CPE | Name | Operator | Version |
---|---|---|---|
redis | ge | 2.6.0 <3.1.1 |