
Security Alert: cleo is vulnerable to Regular Expression Denial of Service (ReDoS) #426

Closed
Tech-Dex opened this issue Dec 5, 2022 · 1 comment

Comments


Tech-Dex commented Dec 5, 2022

It seems like cleo==1.0.0a5 which is required by redis-om==0.1.0 has an issue.

Contributor

chayim commented Dec 6, 2022

Thanks for raising this issue!

redis-om-python does not have direct dependencies on cleo. However, upstream dependencies did exist. The cleo DDOS issue should not impact this library given how it was being used (or specifically how set_rows isn't being used) and was previously identified/filtered in the dependency checks.

However, PR #427 exists, and agreed, we should issue a new release as this occurs - to force dependency pinning!

chayim closed this as completed Dec 15, 2022