Candidate: CVE-2017-1000248
PublicDate: 2017-11-17 04:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000248
 https://github.com/redis-store/redis-store/commit/e0c1398d54a9661c8c70267c3a925ba6b192142e
Description:
 Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882034
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_ruby-redis-store:
upstream_ruby-redis-store: released (1.1.6-1+deb9u1, 1.1.6-2, 1.3.0-3)
precise/esm_ruby-redis-store: DNE
trusty_ruby-redis-store: DNE
trusty/esm_ruby-redis-store: DNE
xenial_ruby-redis-store: released (1.1.6-1+deb9u1build0.16.04.1)
zesty_ruby-redis-store: ignored (reached end-of-life)
artful_ruby-redis-store: ignored (reached end-of-life)
bionic_ruby-redis-store: not-affected (1.3.0-3)
cosmic_ruby-redis-store: not-affected (1.3.0-3)
devel_ruby-redis-store: not-affected (1.3.0-3)