I’d imagine recent uptick in using services like Upstash may make it harder for ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		johnbellone 3 months ago \| parent \| context \| favorite \| on: Redis CVE-2025-49844: Use-After-Free may lead to r... I’d imagine recent uptick in using services like Upstash may make it harder for people to know if they are vulnerable or not. Is this mitigated by disabling Lua script execution?

loloquwowndueo 3 months ago | [–]

Upstash wouldn’t be vulnerable - Upstash doesn’t run upstream redis, it’s a protocol-compatible proprietary implementation.

arnorhs 3 months ago | [–]

I would guess it is.

Also:

> Exploitation of this vulnerability requires an attacker to first gain authenticated access to your Redis instance.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact