embedded-redis icon indicating copy to clipboard operation
embedded-redis copied to clipboard

Published 20 hours ago verified publisher icon ozimov

Security - Upgrade to commons-io 2.8.0 to resolve CVE-2021-29425

Open mikepalfrey opened this issue 3 years ago • 3 comments

Embedded Redis is currently using version 2.5 of commons-io. This has the following vulnerability (CVSS score 5.3) - https://nvd.nist.gov/vuln/detail/CVE-2021-29425

Upgrading to 2.7 or higher resolves this.

mikepalfrey avatar May 17 '21 10:05 mikepalfrey

Second this - our project has flagged the above CVE due to use of this package.

husseyd avatar Jul 29 '21 05:07 husseyd

need this too :/

DeeVeX avatar May 16 '22 07:05 DeeVeX

This repo is up-to-date https://github.com/codemonstur/embedded-redis

constantine2nd avatar Oct 19 '23 14:10 constantine2nd