Security Advisory: CVE-2024-31449, CVE-2024-31227, CVE-2024-31228
Three security vulnerabilities in Redis have been published recently: a high-risk Lua library command exploit (CVE-2024-31449), a moderate-risk denial-of-service due to unbounded pattern matching (CVE-2024-31228), and another moderate-risk denial-of-service due to malformed ACL selectors (CVE-2024-31227). These vulnerabilities require an attacker to gain access to the Redis instance. To protect against these threats, users should follow best practices such as upgrading their Redis versions and securely configuring, deploying, and using Redis. The Redis Cloud service has already been updated with fixes for these vulnerabilities.
Company
Redis
Date published
Oct. 7, 2024
Author(s)
Quincy Castro
Word count
633
Language
English
Hacker News points
None found.