CVE-2017-1000248 (redis-store): Unsafe objects can be loaded from Redis

November 16th, 2017

Unsafe objects can be loaded from Redis

Published: November 16, 2017

CVE: CVE-2017-1000248 (NVD)
GHSA: GHSA-2w67-526p-gm73
Vendor Advisory: https://github.com/redis-store/redis-store/commit/ce13252c26fcc40ed4935c9abfeb0ee0761e5704

CVSS v3.x: 9.8 (Critical)

>= 1.4.0

Redis-store <=v1.3.0 allows unsafe objects to be loaded from Redis via the use of the Marshal serializer.