Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

---
gem: redis-store
date: 2017-11-16
url: https://github.com/redis-store/redis-store/commit/ce13252c26fcc40ed4935c9abfeb0ee0761e5704
cve: 2017-1000248
title: Unsafe objects can be loaded from Redis
description: |
  Redis-store <=v1.3.0 allows unsafe objects to be loaded from Redis via the
  use of the Marshal serializer.
patched_versions:
- ">= 1.4.0"
related:
  url:
  - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000248