oliver006 / redis_exporter

Prometheus Exporter for ValKey & Redis Metrics. Supports ValKey and Redis 2.x, 3.x, 4.x, 5.x, 6.x, and 7.x
https://github.com/oliver006/redis_exporter
MIT License
3.03k stars, 858 forks

There's a security vulnerability in latest versions - CVE-2024-24786 #894

Closed: panush closed 2 months ago

panush commented 3 months ago

Describe the problem: I scanned my redis-exporter image (using 1.55.0) and found this CVE (CVE-2024-24786). When moving to 1.58.0 (latest version), this CVE is still there.

What version of redis_exporter are you running? oliver006/redis_exporter:v1.58.0-alpine

EricIO commented 2 months ago

Seems like it is fixed in https://github.com/oliver006/redis_exporter/commit/1f5f4c9dd52cafd1134023d463e0881512f1bce2 but a new release would need to be cut.

oliver006 commented 2 months ago

Thanks for raising the issue - I'll cut a new release in the next few days.

oliver006 commented 2 months ago

Released v1.59.0 https://github.com/oliver006/redis_exporter/releases/tag/v1.59.0