CNNVD-202509-2669 Information

CNNVD ID

CNNVD-202509-2669

Related CVE

CVE-2025-59410

• CNNVD Published: 2025-09-17

Description (Chinese)

Dragonfly是DragonflyDB开源的一个框架，可以对任何内容类型进行动态处理。 Dragonfly 2.1.0之前版本存在安全漏洞，该漏洞源于调度器代码中下载小文件时硬编码使用HTTP协议而非HTTPS，可能导致中间人攻击。

Description (English)

Dragonfly is an open-source framework for DragonflyDB that can dynamically process any type of content. There was a security loophole in the pre-Dragonfly 2.1.0 version, which resulted from the use of HTTP protocols instead of HTTPS for hard-coding when downloading small files in the scheduler code, which could lead to an attack by an intermediary.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

如梦技术

Published

2025-09-17

Last Modified

2026-02-24

References

https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-mcvp-rpgg-9273

Patch

https://d7y.io/