Dependancy upgrades required to mitigate vulnerability
codevalve opened this issue · 0 comments
codevalve commented
Redis
Overview
In redis before version 3.1.1, when a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service.
redis 2.6.0 - 3.1.0
Regular Expression Denial of Service - https://npmjs.com/advisories/1662