Product Research Enterprise Plans Docs

PyPi: Redis-Dict

CVE-2023-4807

Transitive

Safety vulnerability ID: 64093

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 08, 2023 Updated at Nov 06, 2024

Scan your Python projects for vulnerabilities →

Advisory

Redis-dict 2.3.0 updates its dependency on Cryptography, moving to 41.0.4, in response to the security vulnerability identified as CVE-2023-4807.
https://github.com/Attumm/redis-dict/commit/df6f2b89d60ea5c59e564ebf2209e1f166fb1892

Affected package

redis-dict

Latest version: 3.1.2

Dictionary with Redis as storage backend

Affected versions

Fixed versions

Vulnerability changelog

* bumped package versions for security
* small update for readme

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4807

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.8

CVSS v3 Details

HIGH 7.8

Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Availability (A): HIGH