CNNVD-202509-2670 Information

CNNVD ID

CNNVD-202509-2670

Related CVE

CVE-2025-59354

• CNNVD Published: 2025-09-17

Description (Chinese)

Dragonfly是DragonflyDB开源的一个框架，可以对任何内容类型进行动态处理。 Dragonfly 2.1.0之前版本存在安全漏洞，该漏洞源于使用MD5等不安全哈希函数，可能导致恶意文件替换。

Description (English)

Dragonfly is an open-source framework for DragonflyDB that can dynamically process any type of content. There was a security gap in the pre-Dragonfly 2.1.0 version, which stemmed from the use of unsafe Hashi functions such as MD5, which could lead to the replacement of malicious documents.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

如梦技术

Published

2025-09-17

Last Modified

2026-02-24

References

https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-hx2h-vjw2-8r54

Patch

https://d7y.io/