VYPR
High severity · NVD Advisory · Published Apr 23, 2021 · Updated Aug 3, 2024

Potential exponential regex in monitor mode

CVE-2021-29469

Description

Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex being used to detect monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
redis (npm) | >= 2.6.0, < 3.1.1 | 3.1.1

Affected products

2
  • ghsa-coords
    Range: >= 2.6.0, < 3.1.1
  • NodeRedis/node-redisv5
    Range: < 3.1.1
