Posted on March 6

SUSE: CVE-2023-28859: SUSE Linux Security Advisory

Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published: 03/26/2023
Created: 05/15/2024
Added: 05/15/2024
Modified: 01/28/2025

Description

redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutions for CVE-2023-28859 address data leakage across AsyncIO connections in general.

Solution(s)

suse-upgrade-python-paramiko-doc
suse-upgrade-python-tqdm-bash-completion
suse-upgrade-python311-aiohttp
suse-upgrade-python311-aiosignal
suse-upgrade-python311-antlr4-python3-runtime
suse-upgrade-python311-argcomplete
suse-upgrade-python311-asgiref
suse-upgrade-python311-async_timeout
suse-upgrade-python311-automat
suse-upgrade-python311-avro
suse-upgrade-python311-blinker
suse-upgrade-python311-chardet
suse-upgrade-python311-constantly
suse-upgrade-python311-decorator
suse-upgrade-python311-deprecated
suse-upgrade-python311-distro
suse-upgrade-python311-docker
suse-upgrade-python311-fabric
suse-upgrade-python311-fakeredis
suse-upgrade-python311-fixedint
suse-upgrade-python311-fluidity-sm
suse-upgrade-python311-frozenlist
suse-upgrade-python311-httplib2
suse-upgrade-python311-httpretty
suse-upgrade-python311-humanfriendly
suse-upgrade-python311-hyperlink
suse-upgrade-python311-importlib-metadata
suse-upgrade-python311-incremental
suse-upgrade-python311-invoke
suse-upgrade-python311-isodate
suse-upgrade-python311-javaproperties
suse-upgrade-python311-jsondiff
suse-upgrade-python311-knack
suse-upgrade-python311-lexicon
suse-upgrade-python311-marshmallow
suse-upgrade-python311-multidict
suse-upgrade-python311-oauthlib
suse-upgrade-python311-opencensus
suse-upgrade-python311-opencensus-context
suse-upgrade-python311-opencensus-ext-threading
suse-upgrade-python311-opentelemetry-api
suse-upgrade-python311-opentelemetry-sdk
suse-upgrade-python311-opentelemetry-semantic-conventions
suse-upgrade-python311-opentelemetry-test-utils
suse-upgrade-python311-paramiko
suse-upgrade-python311-pathspec
suse-upgrade-python311-pip
suse-upgrade-python311-pkginfo
suse-upgrade-python311-portalocker
suse-upgrade-python311-psutil
suse-upgrade-python311-pycomposefile
suse-upgrade-python311-pydash
suse-upgrade-python311-pygithub
suse-upgrade-python311-pygments
suse-upgrade-python311-pyjwt
suse-upgrade-python311-pyparsing
suse-upgrade-python311-redis
suse-upgrade-python311-requests-oauthlib
suse-upgrade-python311-retrying
suse-upgrade-python311-scp
suse-upgrade-python311-semver
suse-upgrade-python311-service_identity
suse-upgrade-python311-sortedcontainers
suse-upgrade-python311-sshtunnel
suse-upgrade-python311-strictyaml
suse-upgrade-python311-sure
suse-upgrade-python311-tabulate
suse-upgrade-python311-tqdm
suse-upgrade-python311-twisted
suse-upgrade-python311-twisted-all_non_platform
suse-upgrade-python311-twisted-conch
suse-upgrade-python311-twisted-conch_nacl
suse-upgrade-python311-twisted-contextvars
suse-upgrade-python311-twisted-http2
suse-upgrade-python311-twisted-serial
suse-upgrade-python311-twisted-tls
suse-upgrade-python311-typing_extensions
suse-upgrade-python311-vcrpy
suse-upgrade-python311-websocket-client
suse-upgrade-python311-wheel
suse-upgrade-python311-wrapt
suse-upgrade-python311-xmltodict
suse-upgrade-python311-yarl
suse-upgrade-python311-zipp
suse-upgrade-python311-zope-interface

References

https://attackerkb.com/topics/cve-2023-28859
CVE - 2023-28859