Headline
CVE-2021-31294: Prevent replicas from sending commands that interact with keyspace (#… · redis/redis@46f4ebb
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.
Commit
Prevent replicas from sending commands that interact with keyspace (#8868)
This solves an issue reported in #8712 in which a replica would bypass the client write pause check and cause an assertion due to executing a write command during failover.
The fact is that we don’t expect replicas to execute any command other than maybe REPLCONF and PING, etc. but matching against the ADMIN command flag is insufficient, so instead I just block keyspace access for now.
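The following is an added example, not code from the commit or from Redis: a simplified C model contrasting an ADMIN-flag allowlist with a gate that blocks keyspace access for replica-flagged clients. The flag names, the command table with its flag assignments, and the `HYPO_ADMIN_WRITE` command are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical flag bits for this sketch; not the Redis definitions. */
enum { F_WRITE = 1 << 0, F_READ = 1 << 1, F_ADMIN = 1 << 2 };

struct cmd { const char *name; unsigned flags; };

/* Constructed table; flag assignments are assumptions for illustration. */
static const struct cmd table[] = {
    { "SET",              F_WRITE           },
    { "GET",              F_READ            },
    { "PING",             0                 },
    { "REPLCONF",         F_ADMIN           },
    { "HYPO_ADMIN_WRITE", F_ADMIN | F_WRITE }, /* hypothetical command */
};

static const struct cmd *lookup(const char *name) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(table[i].name, name) == 0) return &table[i];
    return NULL;
}

/* Policy A: a replica link may run only ADMIN-flagged commands. */
static int admin_only_allows(const char *name) {
    const struct cmd *c = lookup(name);
    return c != NULL && (c->flags & F_ADMIN) != 0;
}

/* Policy B: reject anything that reads or writes the keyspace when the
 * sender is a replica; other clients are not affected by this gate. */
static int keyspace_gate_allows(int client_is_replica, const char *name) {
    const struct cmd *c = lookup(name);
    if (c == NULL) return 0;                 /* unknown command: reject */
    if (client_is_replica && (c->flags & (F_WRITE | F_READ))) return 0;
    return 1;
}

int main(void) {
    /* Print both decisions for each command as sent by a replica. */
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        printf("%-17s admin-only=%d keyspace-gate=%d\n", table[i].name,
               admin_only_allows(table[i].name),
               keyspace_gate_allows(1, table[i].name));
    return 0;
}
```

In this model the two policies disagree on `PING` (no ADMIN flag, no keyspace access) and on the hypothetical admin command that writes, while both reject `SET` from a replica.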