本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
常见漏洞和暴露 (CVE):已解决的安全漏洞 ElastiCache
常见漏洞和风险(CVE)是公开已知网络安全漏洞的条目列表。每个条目都是一个链接,其中包含一个标识号、一段描述和至少一个公共参考。您可以在此页面上找到已解决的安全漏洞列表以及未受影响 ElastiCache的 CVE。 ElastiCache
我们建议您始终升级到最新的 ElastiCache Valkey、Redis OSS 或 ElastiCache Memcached 版本,以防范已知漏洞。操作 ElastiCache 无服务器缓存时,CVE 修复会自动应用于您的缓存。使用 Valkey 或 Redis OSS 操作基于节点的集群时, ElastiCache 会暴露补丁组件。例如,在 Redis OSS 版本 6.2.6 中使用 ElastiCache 时,主要版本为 6,次要版本为 2,补丁版本为 6。PATCH 版本用于向后兼容的错误修复、安全修复和非功能性更改。
在 Amazon 中填写的 CVE ElastiCache
下表列出了 CVE 及其所在的 ElastiCache 引擎版本。复选标记 (✓) 表示 CVE 已在该版本中寻址。 N/A 表示 CVE 不会影响该引擎版本。如果您的 ElastiCache Valkey 或 Redis OSS 集群运行的版本没有安全补丁,则可以升级到包含该修复程序的最新 ElastiCache Valkey 或 Redis OSS 版本,或者如果您使用的是包含该修复程序的版本,请通过参阅确保应用了最新的服务更新。管理基于节点的集群的服务更新有关支持的 ElastiCache 引擎版本以及如何升级的更多信息,请参阅引擎版本和升级中 ElastiCache。
注意
下表中的星号 (*) 表示您必须为运行指定版本的集群应用最新的服务更新才能解决安全漏洞。有关如何验证您的集群运行版本是否已应用最新服务更新的更多信息,请参阅管理基于节点的集群的服务更新。
| CVE | Valkey 8.2 | Valkey 8.1 | Valkey 8.0 | Valkey 7.2 | Redis OSS 7.1 | Redis OSS 7.0 | Redis OSS 6.2 | Redis OSS 6.0 | Redis OSS 5.0 | Redis OSS 4.0 |
|---|---|---|---|---|---|---|---|---|---|---|
✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | N/A | N/A | N/A | |
✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | N/A | N/A | N/A | |
✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | N/A | N/A | N/A | |
✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | N/A | N/A | N/A | |
✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | N/A | N/A | N/A | |
✓ | ✓ | ✓ | ✓ | ✓ | ✓ | N/A | N/A | N/A | N/A | |
N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
N/A | ✓ | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | |
N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
N/A | ✓ | ✓ | ✓ | ✓ | N/A | N/A | N/A | N/A | N/A | |
N/A | N/A | N/A | N/A | ✓ | ✓ | N/A | N/A | N/A | N/A | |
N/A | N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | N/A | N/A | |
N/A | N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | N/A | N/A | |
N/A | N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
N/A | N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
N/A | N/A | N/A | N/A | ✓ | ✓ | N/A | N/A | N/A | N/A | |
N/A | N/A | N/A | N/A | ✓ | ✓ | N/A | N/A | N/A | N/A | |
N/A | N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
N/A | N/A | N/A | ✓ | ✓ | ✓ | ✓ | ✓ | N/A | N/A | |
N/A | N/A | N/A | ✓ | ✓ | ✓ | ✓ | ✓ | N/A | N/A | |
N/A | N/A | N/A | ✓ | ✓ | ✓ | ✓ | ✓ | N/A | N/A | |
N/A | N/A | N/A | ✓ | ✓ | ✓ | ✓ | ✓ | N/A | N/A | |
N/A | N/A | N/A | ✓ | ✓ | ✓ | ✓ | ✓ | N/A | N/A | |
N/A | N/A | N/A | ✓ | ✓ | ✓ | ✓ | ✓ | N/A | N/A | |
N/A | N/A | N/A | ✓ | ✓ | ✓ | ✓ | ✓ | N/A | N/A | |
N/A | N/A | N/A | ✓ | ✓ | ✓ | ✓ | ✓ | N/A | N/A | |
N/A | N/A | N/A | ✓ | ✓ | ✓ | ✓ | ✓ | N/A | N/A | |
N/A | N/A | N/A | N/A | ✓ | ✓ | ✓ | ✓ | N/A | N/A | |
N/A | N/A | N/A | N/A | ✓ | ✓ | ✓ | ✓ | N/A | N/A | |
N/A | N/A | N/A | N/A | ✓ | ✓ | ✓ | ✓ | N/A | N/A | |
N/A | N/A | N/A | N/A | ✓ | ✓ | ✓ | ✓ | N/A | N/A |
不影响 Amazon 的 CVE ElastiCache
以下 CVE 不会影响 Amazon ElastiCache for Valkey 或 Redis OSS。