Severity: low

    Regular Expression Denial of Service

    redis

    Overview

    In redis before version 3.1.1, when a client is in monitoring mode, the regex being used to detect monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service.

    Patches

    The problem was fixed in commit 2d11b6d and was released in version 3.1.1.

    Remediation

    Upgrade to version 3.1.1 or later
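
To confirm the remediation across a dependency tree, the added example below (not code from the advisory or the redis project) reports every installed copy of the npm `redis` package older than 3.1.1 in a parsed `package-lock.json`. The function names and the sample lockfiles, including the `app-cache` package, are constructed for illustration.

```javascript
// Added example: report installed npm "redis" copies older than the fixed 3.1.1.
const FIXED = [3, 1, 1];

// True when `version` is below 3.1.1. Pre-releases of 3.1.1 and values that
// are not plain semver (git URLs, file: links) are reported for review.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-)?/.exec(String(version));
  if (!m) return true;
  for (let i = 0; i < 3; i++) {
    const part = Number(m[i + 1]);
    if (part !== FIXED[i]) return part < FIXED[i];
  }
  return m[4] === "-"; // 3.1.1-rc.0 sorts before 3.1.1
}

// Accepts a parsed package-lock.json: lockfileVersion 2/3 ("packages" map)
// or lockfileVersion 1 (nested "dependencies" tree).
function findAffectedRedis(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const name = path.split("node_modules/").pop();
      if (name === "redis" && isAffected(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "redis" && isAffected(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles (the "app-cache" package is hypothetical).
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo" },
  "node_modules/redis": { version: "3.1.2" },
  "node_modules/app-cache/node_modules/redis": { version: "2.8.0" } } };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  redis: { version: "3.1.0" },
  "app-cache": { version: "1.0.0", dependencies: { redis: { version: "3.1.1" } } } } };
```

Pass it the result of `JSON.parse` on a project's `package-lock.json`; nested copies pulled in by other packages are reported with their install path.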

    Advisory timeline

    1. published

      Advisory Published
      May 4th, 2021
    2. reported

      Reported by Anonymous
      May 4th, 2021