Redis Py

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:redis:redis-py:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorRedis (6c818399-7e28-57a6-8fa0-307b3f9a96f5)
ProductRedis Py (8e6fb73f-28a2-5ddc-bfe6-fd49ac238a63)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/redis/redis-py purl2cpe 2026-06-01 10:11:34.299059
pkg:pypi/redis-py purl2cpe 2026-06-01 10:11:34.299061

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-28859 vulnerable 2026-06-08 06:02:36.550606 Details available
redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutions for CVE-2023-28859 address data leakage across AsyncIO connections in general.
Published: 2023-03-26T00:00:00.000Z
Updated: 2025-02-20T15:34:03.848Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-28858 vulnerable 2026-06-08 06:02:36.550010 Details available
redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4.3, and 4.5.3 were released (changing the behavior for pipeline operations); however, please see CVE-2023-28859 about addressing data leakage across AsyncIO connections in general.
Published: 2023-03-26T00:00:00.000Z
Updated: 2025-02-20T15:35:34.833Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.