CNNVD-202509-2707 Information
Sep 17, 2025
cve
CNNVD ID
CNNVD-202509-2707
Related CVE
- CNNVD Published: 2025-09-17
Description
Dragonfly is an open-source framework from DragonflyDB that can dynamically process any type of content. Versions of Dragonfly before 2.1.0 contain a vulnerability: the os.MkdirAll function does not perform permission checks on existing directory paths, which may allow a local attacker to tamper with files.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
如梦技术
Published
2025-09-17
Last Modified
2026-02-24
References
https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf
https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-8425-8r2f-mrv6