CNNVD-202509-2678 Information

CNNVD ID

CNNVD-202509-2678

Related CVE

CVE-2025-59350

• CNNVD Published: 2025-09-17

Description (Chinese)

Dragonfly是DragonflyDB开源的一个框架，可以对任何内容类型进行动态处理。 Dragonfly 2.1.0之前版本存在安全漏洞，该漏洞源于代理功能访问控制机制使用简单字符串比较，容易受到时序攻击。

Description (English)

Dragonfly is an open-source framework for DragonflyDB that can dynamically process any type of content. Prior to Dragonfly 2.1.0, there was a security loophole, which arose from the use of simple strings by proxy access control mechanisms and was vulnerable to time-series attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

如梦技术

Published

2025-09-17

Last Modified

2026-02-24

References

https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-c2fc-9q9c-5486

Patch

https://d7y.io/