There's a security vulnerability in latest versions - CVE-2024-24786

Question

There's a security vulnerability in latest versions - CVE-2024-24786

panush opened this issue 10 months ago · 3 comments

Describe the problem
I scanned my redis-exporter image (using 1.55.0) and found out this CVE (CVE-2024-24786).
When moving to 1.58.0 (latest version), this CVE still there.

What version of redis_exporter are you running?
oliver006/redis_exporter:v1.58.0-alpine

Answer 1 · 2024-04-08T07:20:32.000Z

Seems like it is fixed in 1f5f4c9 but a new release would need to be cut.

Answer 2 · 2024-04-12T06:12:19.000Z

Thanks for raising the issue - I'll cut a new release in the next few days.

Answer 3 · 2024-04-22T05:06:26.000Z

Released v1.59.0
https://github.com/oliver006/redis_exporter/releases/tag/v1.59.0