CNNVD-202509-2676 Information

CNNVD ID

CNNVD-202509-2676

Related CVE

CVE-2025-59345

• CNNVD Published: 2025-09-17

Description (Chinese)

Dragonfly是DragonflyDB开源的一个框架，可以对任何内容类型进行动态处理。 Dragonfly 2.1.0之前版本存在访问控制错误漏洞，该漏洞源于/api/v1/jobs和/preheats端点未经验证即可访问，可能导致拒绝服务攻击。

Description (English)

Dragonfly is an open-source framework for DragonflyDB that can dynamically process any type of content. Prior versions of Dragonfly 2.1.0 had access control error holes, which originated from access to the endpoints/api/v1/jobs and/or preheats without authentication and could lead to denial of service attacks.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

如梦技术

Published

2025-09-17

Last Modified

2026-02-24

References

https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-89vc-vf32-ch59

Patch

https://d7y.io/