CVE-2022-3174: An attacker can obtain a sensitive cookie in an HTTPS session without the 'secure' attribute on GitHub repository prior to 2.4.2.

As confirmed by the Redis maintainer, Redis 2.4.2 has been released with better support for GitHub Redis. If you are using Redis with GitHub, you may want to update your Redis version to a newer one. Follow the steps below to update the Redis version on your Redis instance.

Open your Redis server configuration file, for example redis.conf, and find the "Redis version" line. For example, if the Redis version is 2.4.0, it will look like this:

    # Redis version to use, e. Redis setting.
    set redis-version "2.4.0"

Next, find the "Redis Server URL" line, e.g.:

    # Redis server URL, e.g. redis://hostname:port/path.
    set redis-url "localhost"

Save your changes and restart your Redis process.

Now, if you are using Redis in your project, make sure you are using the latest version. You can verify the Redis version in your project with the command below.

    ## Redis version check
    Redis version: redis-version
    ## Redis version:

Currently, Redis 2.4.2 has better support for GitHub Redis. So, make sure you are using Redis version 2.4.2 or above to avoid problems.

Update NodeJS version

To update the NodeJS version, set "npm_config_production" to true if you are using NodeJS. For example:

    # Setting production mode to true for npm install
    npm config set npm-config-production true

Timeline

Published on: 09/13/2022 10:15:00 UTC
Last modified on: 09/15/2022 19:49:00 UTC

References