Common Vulnerabilities and Exposures (CVE): Security vulnerabilities addressed in ElastiCache
Common Vulnerabilities and Exposures (CVE) is a list of entries for publicly known cybersecurity vulnerabilities. Each entry is a link that contains an identification number, a description, and at least one public reference. This page lists the security vulnerabilities that have been addressed in ElastiCache.
We recommend that you always upgrade to the latest ElastiCache Valkey, Redis OSS or ElastiCache Memcached versions to be protected against known vulnerabilities. When operating an ElastiCache Serverless Cache, CVE fixes are automatically applied to your cache. When operating self-designed clusters with Valkey or Redis OSS, ElastiCache exposes the PATCH component of the engine version. For example, when using ElastiCache (Redis OSS) version 6.2.6, the major version is 6, the minor version is 2, and the patch version is 6. PATCH versions are for backwards-compatible bug fixes, security fixes, and non-functional changes.
You can use the following table to verify whether a particular version of ElastiCache Valkey and Redis OSS has a fix for a specific security vulnerability. If your ElastiCache Valkey or Redis OSS cluster is running a version without the security fix, refer to the table below and take action. You can either upgrade to a more recent ElastiCache Valkey or Redis OSS version containing the fix, or if you are on a version containing the fix, ensure you have the latest service update applied by referring to Managing service updates for self-designed clusters. For more information on the supported ElastiCache engine versions and how to upgrade, see Engine versions and upgrading in ElastiCache.
Note
If a CVE is addressed in an ElastiCache version, it is also addressed in all newer versions. For example, if a vulnerability is addressed in ElastiCache (Redis OSS) Version 6.0.5, the fix carries forward to Versions 6.2.6, 7.0.7, and 7.1.
An asterisk (*) in the following table indicates you must have the latest service update applied for the ElastiCache (Redis OSS) Cluster running the ElastiCache (Redis OSS) Version specified in order to address the security vulnerability. For more information on how to verify you have the latest service update applied for the ElastiCache (Redis OSS) version your cluster is running on, see Managing service updates for self-designed clusters.
ElastiCache (Redis OSS) version | CVEs Addressed |
---|---|
Redis OSS 6.0.5 | |
Redis OSS 6.2.6 | CVE-2022-24834 |
Redis OSS 7.0.7 | CVE-2023-41056 |
Redis OSS 7.1.0 | CVE-2023-41056 |
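The carry-forward rule from the Note, applied to a cluster inventory. This is an added example, not AWS code. It uses the table as it appears on this page, checks the engine version only (not service-update status), and assumes cluster records that carry the `CacheClusterId` and `EngineVersion` fields; the cluster names are constructed.

```python
# Added example. FIX_TABLE is transcribed from the table on this page; the
# 6.0.5 row's CVE list is absent from this copy, so it is left empty.
FIX_TABLE = {
    "6.0.5": [],
    "6.2.6": ["CVE-2022-24834"],
    "7.0.7": ["CVE-2023-41056"],
    "7.1.0": ["CVE-2023-41056"],
}

def parse_version(text):
    """Return (major, minor, patch) as integers; a missing part counts as 0."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected engine version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def addressed_cves(engine_version):
    """CVEs the table lists at or below engine_version (carry-forward rule)."""
    running = parse_version(engine_version)
    found = set()
    for version, cves in FIX_TABLE.items():
        if parse_version(version) <= running:
            found.update(cves)
    return sorted(found)

def first_fixed_version(cve):
    """Lowest table version listing the CVE, or None if the table lacks it."""
    listed = [parse_version(v) for v, cves in FIX_TABLE.items() if cve in cves]
    return min(listed) if listed else None

def clusters_below_fix(clusters, cve):
    """IDs of clusters older than the first version listing a fix for cve.
    The table says where a fix landed, not which versions are affected, so
    treat the result as a list to review, not as confirmed exposure."""
    fixed = first_fixed_version(cve)
    if fixed is None:
        raise KeyError(f"{cve} is not in the table")
    return [c["CacheClusterId"] for c in clusters
            if parse_version(c["EngineVersion"]) < fixed]

# Constructed inventory (cluster names are made up for the example).
SAMPLE_CLUSTERS = [
    {"CacheClusterId": "orders-cache", "EngineVersion": "6.2.6"},
    {"CacheClusterId": "session-cache", "EngineVersion": "6.0.5"},
    {"CacheClusterId": "search-cache", "EngineVersion": "7.1.0"},
    {"CacheClusterId": "legacy-cache", "EngineVersion": "5.0.6"},
]

if __name__ == "__main__":
    for cve in ("CVE-2022-24834", "CVE-2023-41056"):
        print(cve, "-> review:", clusters_below_fix(SAMPLE_CLUSTERS, cve))
```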