CNNVD-202509-2687 Information

CNNVD ID

CNNVD-202509-2687

CVE-2025-59346

  • CNNVD Published: 2025-09-17

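Description (translated from Chinese)

Dragonfly is an open-source framework from DragonflyDB that can dynamically process any content type. Versions of Dragonfly prior to 2.1.0 contain a code issue vulnerability, which stems from the Manager API accepting user-supplied URLs with insufficient validation when creating Preheat jobs, and which may lead to server-side request forgery attacks.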

Description (English)

Dragonfly is an open-source framework for DragonflyDB that can dynamically process any type of content. Versions prior to Dragonfly 2.1.0 contain a code issue vulnerability: the Manager API accepts user-provided URLs without sufficient validation when creating a Preheat job, which could lead to a server-side request forgery (SSRF) attack.

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

如梦技术

Published

2025-09-17

Last Modified

2026-02-24

References

  • https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf
  • https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-g2rq-jv54-wcpr

Patch

https://d7y.io/
