GHSA-2w67-526p-gm73
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2w67-526p-gm73
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/12/GHSA-2w67-526p-gm73/GHSA-2w67-526p-gm73.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-2w67-526p-gm73
- Aliases
- Published
- 2017-12-06T16:41:25Z
- Modified
- 2024-02-16T08:24:25.597076Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- redis-store deserializes untrusted data
- Details
-
Redis-store prior to 1.4.0 allows unsafe objects to be loaded from redis
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-502" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2020-06-16T20:53:06Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000248
- https://github.com/redis-store/redis-store/commit/ce13252c26fcc40ed4935c9abfeb0ee0761e5704
- https://github.com/redis-store/redis-store/commit/e0c1398d54a9661c8c70267c3a925ba6b192142e
- https://github.com/redis-store/redis-store
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/redis-store/CVE-2017-1000248.yml
Affected packages
RubyGems / redis-store
Package
- Name
- redis-store
- Purl
- pkg:gem/redis-store