
Tom Levy

#45051 of 53,633
5.5 Total CVSS
Vulnerabilities · 1
PT-2023-1718
5.5
2023-02-28
Redis · Redis · CVE-2022-36021
**Name of the Vulnerable Software and Affected Versions**

- Redis versions prior to 6.0.18
- Redis versions prior to 6.2.11
- Redis versions prior to 7.0.9

**Description**

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time.

**Recommendations**

- Update to Redis version 6.0.18 or later for versions prior to 6.0.18.
- Update to Redis version 6.2.11 or later for versions prior to 6.2.11.
- Update to Redis version 7.0.9 or later for versions prior to 7.0.9.

As a temporary workaround, consider restricting the use of `SCAN` and `KEYS` commands with specially crafted patterns until a patch is available.