CNNVD-202509-2671 Information

CNNVD ID

CNNVD-202509-2671

CVE-2025-59353

  • CNNVD Published: 2025-09-17

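Description (translated from Chinese)

Dragonfly is an open-source framework from DragonflyDB that can dynamically process any content type. Dragonfly versions before 2.1.0 contain a security vulnerability: the Manager's Certificate gRPC service does not verify that the requesting IP address belongs to the peer requesting the certificate, which may cause mTLS authentication to fail.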

Description (English)

Dragonfly is an open-source framework for DragonflyDB that can dynamically process any type of content. Versions prior to Dragonfly 2.1.0 contain a security vulnerability in the Manager's Certificate gRPC service, which fails to verify that the requesting IP address belongs to the peer requesting the certificate, and this could result in the failure of mTLS authentication.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

如梦技术

Published

2025-09-17

Last Modified

2026-02-24

References

  • https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf
  • https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-255v-qv84-29p5

Patch

https://d7y.io/
