redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
Information Disclosure
Redis
Redis Py
NVD
GitHub
CVSS 3.1
3.7
EPSS
1.0%