SUSE: CVE-2023-28858: SUSE Linux Security Advisory
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | 03/26/2023 | 05/15/2024 | 01/28/2025 |
Description
redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4.3, and 4.5.3 were released (changing the behavior for pipeline operations); however, please see CVE-2023-28859 about addressing data leakage across AsyncIO connections in general.
Solution(s)
- suse-upgrade-python-paramiko-doc
- suse-upgrade-python-tqdm-bash-completion
- suse-upgrade-python311-aiohttp
- suse-upgrade-python311-aiosignal
- suse-upgrade-python311-antlr4-python3-runtime
- suse-upgrade-python311-argcomplete
- suse-upgrade-python311-asgiref
- suse-upgrade-python311-async_timeout
- suse-upgrade-python311-automat
- suse-upgrade-python311-avro
- suse-upgrade-python311-blinker
- suse-upgrade-python311-chardet
- suse-upgrade-python311-constantly
- suse-upgrade-python311-decorator
- suse-upgrade-python311-deprecated
- suse-upgrade-python311-distro
- suse-upgrade-python311-docker
- suse-upgrade-python311-fabric
- suse-upgrade-python311-fakeredis
- suse-upgrade-python311-fixedint
- suse-upgrade-python311-fluidity-sm
- suse-upgrade-python311-frozenlist
- suse-upgrade-python311-httplib2
- suse-upgrade-python311-httpretty
- suse-upgrade-python311-humanfriendly
- suse-upgrade-python311-hyperlink
- suse-upgrade-python311-importlib-metadata
- suse-upgrade-python311-incremental
- suse-upgrade-python311-invoke
- suse-upgrade-python311-isodate
- suse-upgrade-python311-javaproperties
- suse-upgrade-python311-jsondiff
- suse-upgrade-python311-knack
- suse-upgrade-python311-lexicon
- suse-upgrade-python311-marshmallow
- suse-upgrade-python311-multidict
- suse-upgrade-python311-oauthlib
- suse-upgrade-python311-opencensus
- suse-upgrade-python311-opencensus-context
- suse-upgrade-python311-opencensus-ext-threading
- suse-upgrade-python311-opentelemetry-api
- suse-upgrade-python311-opentelemetry-sdk
- suse-upgrade-python311-opentelemetry-semantic-conventions
- suse-upgrade-python311-opentelemetry-test-utils
- suse-upgrade-python311-paramiko
- suse-upgrade-python311-pathspec
- suse-upgrade-python311-pip
- suse-upgrade-python311-pkginfo
- suse-upgrade-python311-portalocker
- suse-upgrade-python311-psutil
- suse-upgrade-python311-pycomposefile
- suse-upgrade-python311-pydash
- suse-upgrade-python311-pygithub
- suse-upgrade-python311-pygments
- suse-upgrade-python311-pyjwt
- suse-upgrade-python311-pyparsing
- suse-upgrade-python311-redis
- suse-upgrade-python311-requests-oauthlib
- suse-upgrade-python311-retrying
- suse-upgrade-python311-scp
- suse-upgrade-python311-semver
- suse-upgrade-python311-service_identity
- suse-upgrade-python311-sortedcontainers
- suse-upgrade-python311-sshtunnel
- suse-upgrade-python311-strictyaml
- suse-upgrade-python311-sure
- suse-upgrade-python311-tabulate
- suse-upgrade-python311-tqdm
- suse-upgrade-python311-twisted
- suse-upgrade-python311-twisted-all_non_platform
- suse-upgrade-python311-twisted-conch
- suse-upgrade-python311-twisted-conch_nacl
- suse-upgrade-python311-twisted-contextvars
- suse-upgrade-python311-twisted-http2
- suse-upgrade-python311-twisted-serial
- suse-upgrade-python311-twisted-tls
- suse-upgrade-python311-typing_extensions
- suse-upgrade-python311-vcrpy
- suse-upgrade-python311-websocket-client
- suse-upgrade-python311-wheel
- suse-upgrade-python311-wrapt
- suse-upgrade-python311-xmltodict
- suse-upgrade-python311-yarl
- suse-upgrade-python311-zipp
- suse-upgrade-python311-zope-interface
