CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2019-17206
https://notcve.org/view.php?id=CVE-2019-17206
05 Oct 2019 — Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts. La deserialización no controlada de un objeto pickled en models.py en Frost Ming rediswrapper (también se conoce como Redis Wrapper) versiones anteriores a 0.3.0, permite a atacantes ejecutar scripts arbitrarios. • https://github.com/frostming/rediswrapper/compare/v0.2.1...v0.3.0 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10639
https://notcve.org/view.php?id=CVE-2016-10639
04 Jun 2018 — redis-srvr is a npm wrapper for redis-server. redis-srvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. redis-srvr es un wrapper de npm para redis-server. redis-srvr descarga recursos binarios por HTTP, lo que lo deja vulnerable a ataques MITM. Podría ser po... • https://nodesecurity.io/advisories/238 • CWE-310: Cryptographic Issues CWE-311: Missing Encryption of Sensitive Data •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10672
https://notcve.org/view.php?id=CVE-2016-10672
04 Jun 2018 — cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. cloudpub-redis es un módulo para CloudPub: Redis Backend. cloudpub-redis descarga recursos binarios por HTTP, lo que lo deja vulnerable a at... • https://nodesecurity.io/advisories/282 • CWE-310: Cryptographic Issues CWE-311: Missing Encryption of Sensitive Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000248
https://notcve.org/view.php?id=CVE-2017-1000248
17 Nov 2017 — Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis Redis-store en versiones 1.3.0 y anteriores permite que se carguen objetos no seguros desde redis. • https://github.com/redis-store/redis-store/commit/e0c1398d54a9661c8c70267c3a925ba6b192142e • CWE-502: Deserialization of Untrusted Data •