When a client is in monitoring mode, the regex used to detect monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service.
Patches
The problem was fixed in commit 2d11b6d and was released in version 3.1.1.
References
1569 (GHSL-2021-026)
Release Notes
NodeRedis/node-redis
### [`v3.1.1`](https://togithub.com/NodeRedis/node-redis/releases/v3.1.1)
[Compare Source](https://togithub.com/NodeRedis/node-redis/compare/v3.1.0...v3.1.1)
### Enhancements
- Upgrade node and dependencies ([#1578](https://togithub.com/NodeRedis/node-redis/issues/1578))
### Fixes
- Fix a potential exponential regex in monitor mode ([#1595](https://togithub.com/NodeRedis/node-redis/issues/1595))
### [`v3.1.0`](https://togithub.com/NodeRedis/node-redis/releases/v3.1.0)
[Compare Source](https://togithub.com/NodeRedis/node-redis/compare/v3.0.2...v3.1.0)
##### Enhancements
- Upgrade node and dependencies and redis-commands to support Redis 6 ([#1578](https://togithub.com/NodeRedis/node-redis/issues/1578))
- Add support for Redis 6 `auth pass [user]` ([#1508](https://togithub.com/NodeRedis/node-redis/issues/1508))
Configuration
Schedule: "" (UTC).
Automerge: Enabled.
Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box.
This PR contains the following updates:
3.0.2 -> 3.1.1
GitHub Vulnerability Alerts
CVE-2021-29469
This PR has been generated by WhiteSource Renovate. View repository job log here.