CNNVD-202509-2695 Information

CNNVD ID

CNNVD-202509-2695

Related CVE

CVE-2025-59347

• CNNVD Published: 2025-09-17

Description (Chinese)

Dragonfly是DragonflyDB开源的一个框架，可以对任何内容类型进行动态处理。 Dragonfly 2.1.0之前版本存在信任管理问题漏洞，该漏洞源于禁用TLS证书验证，可能导致中间人攻击和拒绝服务。

Description (English)

Dragonfly is an open-source framework for DragonflyDB that can dynamically process any type of content. Prior to Dragonfly 2.1.0, there was a gap in the management of trust, which resulted from the ban on TLS certification, which could lead to attacks and denials of services by intermediaries.

Hazard Level

High

Vulnerability Type

信任管理问题

Affected Vendor

如梦技术

Published

2025-09-17

Last Modified

2026-02-24

References

https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-98x5-jw98-6c97

Patch

https://d7y.io/