ChatGPT Data Leak and Redis Race Condition Vulnerability That Remains Unfixed
OpenAI recently experienced a data leak caused by a race condition vulnerability in the Redis open-source component. The vulnerability, tracked as sonatype-2023-1621 and assigned CVE-2023-28858 and CVE-2023-28859, exposed some subscribers’ payment-related information along with users’ chat queries. OpenAI uses Redis to cache user information across its servers, and Redis Cluster to distribute load evenly across multiple Redis instances. The Redis PyPI library uses ‘asyncio’ to implement its cluster and client classes, but because of insufficient error handling in Redis, this race condition vulnerability remains unfixed.

CVEs: CVE-2023-28858, CVE-2023-28859

[View Article](https://blog.sonatype.com/openai-data-leak-and-redis-race-condition-vulnerability-that-remains-unfixed)
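The bug class in the summary above, reduced to a self-contained asyncio simulation with the unhandled path beside a hardened one. This is an added example, not code from redis-py or OpenAI. `ToyConnection`, `Pool`, `scenario` and the session keys are hypothetical, and it assumes the trigger is a request cancelled after its command is written but before its reply is read, a detail the summary does not spell out.

```python
import asyncio

class ToyConnection:
    """Constructed stand-in for one pooled socket; replies arrive in send order."""
    def __init__(self):
        self.replies = asyncio.Queue()

    async def send(self, key):
        # Toy "server": the reply shows up 10 ms after the request is written.
        loop = asyncio.get_running_loop()
        loop.call_later(0.01, self.replies.put_nowait, f"value-of:{key}")

    async def read(self):
        return await self.replies.get()

class Pool:
    """Hypothetical single-connection pool shared by every caller."""
    def __init__(self, discard_on_cancel):
        self.discard_on_cancel = discard_on_cancel
        self.conn = ToyConnection()

    async def get(self, key):
        conn = self.conn
        try:
            await conn.send(key)
            return await conn.read()
        except asyncio.CancelledError:
            # Request was written but its reply is still in flight on `conn`.
            if self.discard_on_cancel:
                self.conn = ToyConnection()  # hardened: never reuse a dirty connection
            raise

async def scenario(discard_on_cancel):
    pool = Pool(discard_on_cancel)
    first = asyncio.create_task(pool.get("session:alice"))
    await asyncio.sleep(0)   # alice's request is sent; the task now waits in read()
    first.cancel()           # e.g. the caller timed out or disconnected
    try:
        await first
    except asyncio.CancelledError:
        pass
    # The next caller reuses the pool and asks for its own key.
    return await pool.get("session:bob")

def run(discard_on_cancel):
    return asyncio.run(scenario(discard_on_cancel))

if __name__ == "__main__":
    print("unhandled cancel :", run(False))  # bob receives alice's reply
    print("discard on cancel:", run(True))   # bob receives his own reply
```

Without the discard step, the stale reply stays queued on the shared connection and is handed to whichever caller reads next, which is how one user's cached data can reach another.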