Fixing a CVE in Redis-py - Open Source Bug Hunting and Security Vulnerability Resolution
PyCon Israel via YouTube
Overview
Watch a 35-minute PyCon Israel conference talk exploring a critical vulnerability discovered in redis-py, a Python library with nearly 30 million monthly downloads. Learn about the data leakage bug that impacted major AI frameworks, following the journey from discovery through resolution. Gain practical insights into debugging library issues, implementing and testing fixes, and navigating security vulnerabilities in open source projects. Understand the delicate balance of addressing critical bugs while working transparently with open source communities. Examine real code examples and processes used to resolve this specific CVE (Common Vulnerabilities and Exposures), with all discussed code available in public repositories.
Syllabus
Chayim Kirshen - Fixing a CVE In the Open: redis-py, chatgpt, and open source bug hunting
Taught by
PyCon Israel