CVE-2021-31294

Name of the Vulnerable Software and Affected Versions Redis versions prior to 6.2 Redis versions prior to 6cbea7d

Description The issue allows a replica to cause an assertion failure in a primary server by sending a non-administrative command, specifically a SET command. This was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.

Recommendations For Redis versions prior to 6.2, update to version 6.2 or later to resolve the issue. For Redis versions prior to 6cbea7d, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of the SET command from replicas to minimize the risk of exploitation.