embedded-redis icon indicating copy to clipboard operation
embedded-redis copied to clipboard

Published 20 hours ago verified publisher icon codemonstur

Included redis for Windows contains security vulnerabilities

Open codemonstur opened this issue 2 years ago • 3 comments

The library includes version 5.0.14 for Windows. This version has known vulnerabilities. Result of DependencyCheck plugin:

redis-server-5.0.14.1-windows-amd64.exe (cpe:2.3:a:redis:redis:5.0.14.1:*:*:*:*:*:*:*) : CVE-2022-24735, CVE-2023-25155, CVE-2022-24736, CVE-2022-36021, CVE-2022-3647

codemonstur avatar Mar 17 '23 13:03 codemonstur

I would love to update to a later version but I don't have a source newer than this.

codemonstur avatar Mar 17 '23 13:03 codemonstur

You can download the sources hear https://github.com/redis-windows/redis-windows/tags

deathwatcher avatar Apr 26 '24 09:04 deathwatcher

@deathwatcher when I said 'I don't have a source' I meant not having a source for binaries. The redis sources are useless, I can't compile the code on every system that I need them on.

codemonstur avatar Jun 20 '24 09:06 codemonstur