PT-2023-21197 · Kredis · Kredis

Ooooooo_Q · Published 2023-06-09 · Updated 2025-01-09 · CVE-2023-27531

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Kredis versions prior to 1.3.0.1

Description

There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code. This issue may result in the deserialization of unexpected objects in the system when carefully crafted JSON data is processed by Kredis. Any applications using Kredis with JSON are affected.

Recommendations

For versions prior to 1.3.0.1, update to version 1.3.0.1 or apply the provided patch for the 1.3.0 series, named 1-3-0-1-kredis.patch, to resolve the issue. As a temporary workaround, consider restricting the use of Kredis with JSON until the update or patch is applied.

Exploit

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2023-27531
GHSA-H2WM-P2VG-6PW4

Affected Products

Kredis